Depends on T285327: Authorize API consumers against Wikidata
Ensure that we are able to authenticate requests to our API using authentication credentials that are sent with the requests.
Some research is still required on how to achieve this. See the following resources for some ideas:
- Authenticate with session cookies: https://laravel.com/docs/8.x/sanctum
- Authenticate with JWT:
Hints:
- Potential authentication flow:
User requests resource with authentication credentials (token/cookie/other) → decode/verify credentials → send request to Wikidata to identify user (using MW access tokens) → check identity (username string) against allow list
- HOT TIP: The allow list would most probably be specified in the .env file on Toolforge.
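
A sketch of the flow above as a Laravel middleware, added here as an example and not taken from the project's code. It assumes the credential is a bearer token, that the identity response carries a `username` field, and that the hypothetical config keys `services.wikidata.profile_url` and `auth.allowed_users` exist (the latter filled from a comma-separated .env value).

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Http;

// Example only. Class name and config keys are hypothetical.
class AuthorizeAgainstAllowList
{
    public function handle(Request $request, Closure $next)
    {
        // 1. Credentials sent with the request (assumed: Authorization: Bearer <token>).
        $token = $request->bearerToken();
        if ($token === null || $token === '') {
            abort(401, 'Missing credentials');
        }

        // 2. Ask Wikidata who the token belongs to. The username is never
        //    taken from client-supplied input, only from this response.
        $response = Http::withToken($token)
            ->acceptJson()
            ->timeout(5)
            ->get(config('services.wikidata.profile_url'));

        // Fail closed: any error or unexpected body means "not authenticated".
        $username = $response->successful() ? $response->json('username') : null;
        if (!is_string($username) || $username === '') {
            abort(401, 'Could not verify identity');
        }

        // 3. Check the identity against the allow list. An empty or missing
        //    list allows nobody.
        $allowed = array_filter(
            array_map('trim', explode(',', (string) config('auth.allowed_users', ''))),
            'strlen'
        );
        if (!in_array($username, $allowed, true)) {
            abort(403, 'User is not on the allow list');
        }

        return $next($request);
    }
}
```

The comparison is exact and case-sensitive, so allow-list entries need to match the username string exactly as the identity response returns it.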