
Implement OAuth login into Wikimini
Open, Medium, Public, 8 Estimated Story Points

Description

It would be very nice to implement an OAuth login for Wikimini's wiki farm, for multiple reasons:

  • making Wikimini more accessible (avoid weird captchas, etc.)
  • simplifying spam fighting (avoid updating weird captchas, etc.)
  • making Wikimini more Wikimedia-related
  • potentially increasing system security (it is easier to identify Wikimedian vandals)

Plan

  • 1 h create a beta environment
    • evaluate whether to create a completely separate environment
    • evaluate a patched beta environment (e.g. IP-based)
  • 1 h register an OAuth application in Meta-wiki (like we have done in T262823)
  • 4 h configure business logic with all the bows and ribbons
    • ensure login with legacy credentials
    • disable e-mail based registration
    • ensure a way to merge credentials
  • 0 h init test phase
  • 0 h end test phase
  • 0 h announce the change
  • 1 h deploy in production

In total, it should be completed in about a working day.

NOTE: This takes into consideration that T278135: Implement OAuth login for WMCH's members wiki will be carried out before this task. We will use the same technology, so there will be no need to do the preventive analysis twice.

Note that an OAuth application can have multiple redirection URIs (RFC 6749), but the current Meta-Wiki implementation supports just one redirection URL, so it cannot support both beta and production. So, for this feature, it would be better to avoid a completely separate environment, to avoid handling multiple OAuth applications. Instead, we can implement a dummy IP-based patch, to enable our unstable features just for some trusted users.