From T317595: Investigate: Can we load the Create account / Login forms in a modal from an article page?
The api endpoints exist for creating an account and logging in.
From @Tgr:
Construct your own dialog in Javascript, using the clientlogin and createaccount APIs. (I don't think the security concerns are convincing, for reasons which have already been described in T71596.) This was never done before so I'd expect surprises and potentially improvements needed to the APIs. It should be done eventually, and the APIs have been written with exactly this use case in mind, so it would be a worthwhile improvement to MediaWiki core, although an overkill for your use case IMO. The APIs return an abstract form definition, the client code would have to turn that into an actual form inside the modal. In theory this would cover captchas, 2FA and any number of other workflows that can be part of the login or signup workflow, depending on what extensions are installed - you would just get the definition of the form field, without having to know what kind of information workflow step is happening. In practice, as I said, no one has done this before, so I'd expect to hit usability and maybe functionality problems (which should be fixed, but make this a larger effort than it first sounds). One thing I can think of right off the bat is that the CentralAuth cross-wiki login sequence is not covered by any API.
Please investigate how they could be used by the front-end to (create an account and subsequently) log a user in. Please document any problems you encounter as you test these APIs out. I am specifically calling this part out:
In theory this would cover captchas, 2FA and any number of other workflows that can be part of the login or signup workflow, depending on what extensions are installed - you would just get the definition of the form field, without having to know what kind of information workflow step is happening. In practice, as I said, no one has done this before, so I'd expect to hit usability and maybe functionality problems
Presumably, you'll start by POSTing to them manually to see what happens. Can whatever's returned be used to generate a form? Or does a form need to be manually written so that parameters can be passed to the endpoint?