Page MenuHomePhabricator
Create Task
Maniphest T355442

Restore $wgCentralAuthCreateOnView for CentralAuth
Closed, DeclinedPublic
Actions

Description

I understand that CentralAuth is a Wikimedia centric extension and that there's a disclaimer against using it outside Wikimedia but the reality it is being used by other wikifarms. I also understand that the purpose of T339959 was to reduce the complexity.

That being said, it would be really appreciated if $wgCentralAuthCreateOnView was restored. Some projects don't like having accounts being created on view and this setting would allow us to control that. It is quite a simple setting and I don't think in itself creates excess complexity in CentralAuth

Related Objects

Event Timeline

Reception123 created this task.Jan 19 2024, 5:19 PM
Restricted Application added a project: MediaWiki-Platform-Team. · View Herald TranscriptJan 19 2024, 5:19 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
OriginalAuthority added a comment.EditedJan 19 2024, 5:24 PM

Aside from the fact that some people just generally don't like it, Miraheze is at the point where Special:CentralAuth is taking a considerably long time to load due to the number of attached accounts. For some users, even if they haven't edited that wiki.

Krinkle subscribed.Jan 19 2024, 6:45 PM

Perhaps rather than configure auto create, you can configure auto login instead? CentralAuth should be able to function as a shared account system even if you always explicitly choose when and where to login.

The notion of being automatically logged in, if you're logged in on a central wiki, but not if it's the first visit, seems quite complex to me.

It would be simpler if either you're always logged in, and local state is basically made unnoticeable (autocreate and autologin), or you control login yourself (explicit login, create on first login).

Tgr mentioned this in T21161: Don't autologin if local account doesn't exist (don't autocreate if user doesn't explicitly login).Jan 20 2024, 12:08 AM
Tgr closed this task as Declined.Jan 20 2024, 12:20 AM
Tgr subscribed.

$wgCentralAuthCreateOnView was dropped in rECAUb1908c5ada1e: Drop some backwards-compatibility code, during the AuthManager rewrite of CentralAuth which significantly changed how autocreation happens. You'd have to redo it from scratch.

Autocreation is somewhat problematic (T21161: Don't autologin if local account doesn't exist (don't autocreate if user doesn't explicitly login)) but then, non-autocreation would be problematic in its own ways. If we try to solve that, we'll have to do it in a more nuanced way, not just by forcing users to log in.

In T355442#9473266, @OriginalAuthority wrote:

Aside from the fact that some people just generally don't like it, Miraheze is at the point where Special:CentralAuth is taking a considerably long time to load due to the number of attached accounts. For some users, even if they haven't edited that wiki.

CentralAuth is a "use at your own risk" extension, fine-tuned to Wikimedia wikis' needs (which change, so the extension changes too, often in non-backwards-compatible ways). I hope at some point we can find the time to spin off most of its generic functionality (like global groups or global rename) so that they can work with any SSO extension that provides central IDs. But strictly for login / account creation, IMO you are better off finding something else and improving it to cover the use cases you need. Maybe WSOAuth.

That said if you really want to use CentralAuth and not do autocreation, you can probably do some magic with the autocreateaccount permission or with the PreAuthenticationProvider::testUserForCreation() callback, making sure it's only allowed on the login page or something like that.

Bugreporter subscribed.Jan 20 2024, 1:51 AM

I hope at some point we can find the time to spin off most of its generic functionality (like global groups or global rename) so that they can work with any SSO extension that provides central IDs.

For global groups see T355381.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL