Page MenuHomePhabricator
Create Task
Maniphest T31254

[SUGGESTION] Expose group memberships for query through OpenID teams extension
Closed, DeclinedPublic
Actions

Description

Many uses for having an OpenID provider on your wiki are to provide an authentication source that can be used for other sites.

Often these may apply only to a subset of users, for which user groups are usually a pretty good way to handle it. A foreign site could, for instance, limit authentication to users on a given site in a given group.

Using the OpenID Teams extension, the relying party can ask whether that group membership is valid at auth time, and get (at least part of) the list of available groups back.

I implemented the relying party side for StatusNet's OpenID plugin a while back for integration with LaunchPad which uses this extension; it shouldn't be too hard in theory to stick in on the provider side here.

Version: unspecified
Severity: normal
URL: https://dev.launchpad.net/OpenIDTeams

Details

Reference
bz29254

Related Objects
Search...

StatusSubtypeAssignedTask
 DeclinedNoneT31254 [SUGGESTION] Expose group memberships for query through OpenID teams extension
 DeclinedWikinautT25735 Allow different user grouping for OpenID users
 DeclinedNoneT11604 Get OpenID extension to a state where it could be used on Wikimedia projects as a provider
 Resolved brookeT2057 Single login (Unified login) on all wikimedia projects
 ResolvedNoneT3180 old users not sysopable
 ResolvedNoneT5060 Support OpenID Authentication within Mediawiki
 ResolvedParent5446T20528 [GUI] Disable login button submit function on the provider picker page until something is entered as username
 ResolvedNoneT19637 Implement memcached store for OpenID extension
 ResolvedWikinautT46293 [BUG] OpenID URLs are invalid when $wgServer is relative
 DeclinedNoneT36357 [SEVERE DESIGN PROBLEM] OpenID-created account owners cannot set their e-mail address and/or reset their password when the account lacks an e-mail address or password - race condition
 ResolvedNoneT22185 Changing your email address should require entering your password
 ResolvedWikinautT46353 [SUGGESTION] Login page doesn't respect $wgSecureLogin
 ResolvedWikinautT46416 OpenID: when logging in as "Name" with wiki/Special:OpenIDServer/id , the OpenID should be restamped to wiki/User:Name
 DeclinedNoneT46438 [CODE QUALITY] E:OpenId still contains several header() statements. Check, what can be improved by correct methods.
 DeclinedBUG REPORTNoneT48258 [BUG] E:OpenID when used as Provider does not populate sreg (or ax) fields nickname, email...
 ResolvedWikinautT46821 [BUG] OpenID Consumer wiki stalls with blank page for certain OpenID Provider verification error cases (consumer fails to show the provider response message)
 ResolvedWikinautT48617 [IMPROVEMENT] Add a Special:OpenIDAdminAccountCreation page to allow account creation by admins when the wiki allows account creation for others only through OpenID
 ResolvedWikinautT47304 [GUI] Correct the button message text when converting OpenID (must be "converting" or "adding", not "Login")
 DeclinedWikinautT47308 [BUG] OpenID server log errors $mode and _SESSION
 DeclinedWikinautT46165 [SUGGESTION] Add extension hooks for OpenID link/unlink
 DeclinedFeatureNoneT47914 [CODE QUALITY] Refactor the storage of "trust" information in the user properties (use JSON)
 ResolvedWikinautT48053 [CODE QUALITY] Cleanup ancient un-needed comments and remove superfluous wfDebug statements
 InvalidWikinautT59478 MediaWiki as OpenID server: make $wgOpenIDTrustRoot protocol-independent
 InvalidWikinautT56413 Add necessary functions to $wgRedactedFunctionArguments
 ResolvedWikinautT59578 OpenID: Fix the README file
 DeclinedNoneT59579 E:OpenID as consumer: ChangePassword page is shown twice when attaching an OpenID to an existing account using the _temporary_ password
 OpenNoneT59731 [RFC] make SpecialChangePassword form text depending on login status of $wgUser
 Resolved TgrT110280 Rewrite password management to use AuthManager
 ResolvedAnomieT91699 Create AuthManager framework and core classes
 ResolvedJoeT97675 Custom session handler corrupted by session_destroy, "Failed to initialize storage module"
 ResolvedJoeT106483 Create new HHVM package for HHVM 3.6.5 + patches
 ResolvedhasharT106699 Upgrade HHVM related packages on Trusty Jenkins slaves
 Resolvedbd808T95864 Mocking abstract objects fails on HHVM
 ResolvedAnomieT110274 Fix PHPUnit version incompatibility between AuthManager and Jenkins
 ResolvedKrinkleT99982 Upgrade PHPUnit to 4.0+
 ResolvedNoneT90303 Fetch dependencies using composer instead of cloning mediawiki/vendor for non-wmf branches
 ResolvedJanZerebeckiT106433 replace inline perl in builder wd-mw-composer-merged-install with a proper script
 ResolvedKrinkleT112895 Support installing composer require-dev packages together with mediawiki/vendor
 Resolved TgrT110628 Improve AuthManager documentation
 ResolvedWikinautT56506 $wgHideOpenIDLoginLink was not completely renamed to $wgOpenIDHideOpenIDLoginLink
 ResolvedWikinautT56507 When having a forced provider, disallow adding (converting) further OpenIDs from non-allowed providers: only allow to add the forced provider.
 ResolvedWikinautT56508 Add a third mode "provider only" to the existing "consumer" and "consumer and provider" modes
 DeclinedNoneT56509 remove deprecated, deleted functions like DataBase::safeQuery and User::getSkin
 DeclinedNoneT56510 $wgOpenIDServerStoreType and $wgOpenIDConsumerStoreType need to support something other than 'file'
 ResolvedWikinautT56511 E:OpenID as server: OpenIDServer shows a blank content page in case of untrusted $wgOpenIDTrustRoot. Should display a meaningful error message.
 DeclinedBUG REPORTNoneT56512 E:OpenID needs to work with $wgSecureLogin
 DeclinedNoneT56677 Do account creation checks when creating users
 DeclinedFeatureNoneT58254 E-Mail-based whitelist domains for OpenID
 DeclinedNoneT55087 Extension:OpenID is not yet CSP compliant because it still uses of inline CSS
 DeclinedFeatureNoneT53331 [SUGGESTION] Allow existing users to log in with name/password, new users must use OpenID
 DeclinedNoneT58660 Use autocreate permission to create new users
 ResolvedWikinautT59065 E:OpenID does not accept the temporary password when attaching an OpenID to an existing account.

Event Timeline

bzimport raised the priority of this task from to Lowest.Nov 21 2014, 11:38 PM
bzimport added a project: MediaWiki-extensions-OpenID.
bzimport set Reference to bz29254.
brooke created this task.Jun 2 2011, 9:31 PM
Wikinaut added a comment.Jun 6 2011, 7:50 PM

Yes, it will be resolved later (when other code issues are finally solved)

Aklapper added a comment.Dec 12 2012, 2:10 PM

[Removing RESOLVED LATER as discussed in
http://lists.wikimedia.org/pipermail/wikitech-l/2012-November/064240.html .
Reopening and setting priority to "Lowest".
For future reference, please use either RESOLVED WONTFIX (for issues that will
not be fixed), or simply set lowest priority. Thanks a lot!]

Wikinaut added a comment.May 7 2013, 7:19 AM

@ Brion

Brion, you as the reporter, do you still really need this ?

Currently, I cannot implement this due to lack of time and in the view of more important other issues. Please allow me to close this as Resolved Wontfix, but please reopen, if you need it. In this case, perhaps you can then add some new related thoughts, and ideas, suggestion for implementation.

Aklapper added a comment.May 7 2013, 9:06 AM

T. Gries: If you are not *against* fixing this for technical etc. reasons (that's the meaning of WONTFIX), it would be better to keep it open and lowest priority.

Wikinaut added a comment.May 7 2013, 10:06 AM

(In reply to comment #4)

T. Gries: If you are not *against* fixing this for technical etc. reasons
(that's the meaning of WONTFIX), it would be better to keep it open and
lowest
priority.

I am *against* fixing this.

RyanLane added a comment.May 7 2013, 4:43 PM

I would very much like this. It doesn't necessarily need to be you that fixes it. Keeping it open allows other people to see it and pick it up if they want to tackle it.

Wikinaut added a comment.May 7 2013, 7:36 PM

(In reply to comment #6)

I would very much like this. It doesn't necessarily need to be you that fixes
it. Keeping it open allows other people to see it and pick it up if they want
to tackle it.

Very appreciated message, confirmed and accepted.

Aklapper removed Wikinaut as the assignee of this task.Jun 18 2015, 2:08 PM
Aklapper subscribed.

[Resetting task assignee to avoid cookie-licking. Please reclaim the task when you plan to actively work on this task. Thanks!]

Kizule closed this task as Declined.Oct 25 2023, 2:33 PM
Kizule subscribed.

Per T322820: Archive the OpenID extension.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits