Page MenuHomePhabricator
Create Task
Maniphest T283155

Investigate how REST APIs are using authentication
Closed, ResolvedPublic
Actions

Description

Investigate how to implement authentication for the Reconciliation API with existing tools/modules

Investigation starting points:

  • MediaWiki core
  • Other extensions that define REST handlers

Timebox
4 hrs

Related Objects
Search...

Event Timeline

conny-kawohl_WMDE created this task.May 19 2021, 11:07 AM
Lucas_Werkmeister_WMDE updated the task description. (Show Details)May 19 2021, 11:08 AM
conny-kawohl_WMDE mentioned this in T283156: Implement authentication on the REST API.May 19 2021, 11:09 AM
conny-kawohl_WMDE edited projects, added Wikibase OPEN!NEXT (OPEN!NEXT Hike Sprint 1); removed Wikibase OPEN!NEXT.May 20 2021, 7:57 AM
conny-kawohl_WMDE updated the task description. (Show Details)
toan claimed this task.May 20 2021, 10:02 AM
toan moved this task from Sprint Backlog to Doing on the Wikibase OPEN!NEXT (OPEN!NEXT Hike Sprint 1) board.
toan added a comment.May 20 2021, 12:28 PM

Reading through the docs I came across this paragraph

https://www.mediawiki.org/wiki/API:REST_API

Permissions and authorization
The REST API is designed to be used with the OAuth extension for user authentication and authorization. However, regardless of the authentication method, the API responds to the presence of a logged-in user and returns content appropriate to that user's permissions.

A little further digging this seems to mean we should use the mediawiki-oauthclient and follow these steps https://github.com/wikimedia/mediawiki-oauthclient-php/blob/master/README.md

Another interesting finding was https://github.com/wikimedia/mediawiki-extensions-WikibaseStatementUpdater which seems to be an extension that uses this client and the above described way. We could probably follow this as a guide for adding this. The authentication process happens here https://github.com/wikimedia/mediawiki-extensions-WikibaseStatementUpdater/blob/master/src/WikibaseStatementUpdaterSpecialPage.php

I started looking into how we could use it here https://github.com/wmde/WikibaseReconcileEdit/compare/oauth but gave up since this is the investigation part of this task.

toan added a comment.May 20 2021, 12:41 PM

Other ways of authentication/authority checks

looking at LanguageLinksHandler which also uses SimpleHandler

it uses in REL1_35 an object called PermissionsManager, and in master/REL1_36 this has been replaced by Handler::getAuthority()

I still think Oauth might be the better way here though.

toan moved this task from Doing to Review on the Wikibase OPEN!NEXT (OPEN!NEXT Hike Sprint 1) board.May 21 2021, 2:17 PM

Should not use oauth but rather the existing PermissionsManager similar to this https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/IPInfo/+/refs/heads/master/src/RestHandler/LogHandler.php

conny-kawohl_WMDE edited projects, added Wikibase OPEN!NEXT (OPEN!NEXT Hike Sprint 2); removed Wikibase OPEN!NEXT (OPEN!NEXT Hike Sprint 1).May 25 2021, 8:33 AM
toan moved this task from Sprint Backlog to Review on the Wikibase OPEN!NEXT (OPEN!NEXT Hike Sprint 2) board.May 25 2021, 8:34 AM
Lucas_Werkmeister_WMDE closed this task as Resolved.May 28 2021, 1:42 PM
Lucas_Werkmeister_WMDE moved this task from Review to Done on the Wikibase OPEN!NEXT (OPEN!NEXT Hike Sprint 2) board.
Lucas_Werkmeister_WMDE closed subtask T283156: Implement authentication on the REST API as Resolved.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL