Action and REST APIs can specify allowed user types for a parameter, via UserDef::PARAM_ALLOWED_USER_TYPES. We should add a temp user type to this list:
UserDef::PARAM_ALLOWED_USER_TYPES 'name': User names are allowed. 'ip': IP ("anon") usernames are allowed. 'cidr': IP ranges are allowed. 'interwiki': Interwiki usernames are allowed. 'id': Allow specifying user IDs, formatted like "#123".
We'll need to update UserDef::processUserto recognize a temporary user (say, 'temp'?) as different from a named user ('name').
Note
This will mean that APIs that want to be usable by temporary users will need to be updated. This will require extra work (compared to just assuming temporary users are in either the 'ip' or 'name' buckets). This decision was arrived at in T337103: Decide a standard approach for classifying temporary, IP and registered users, and Trust and Safety Product Team will communicate this work ahead of enabling temporary account auto-creation.