Page MenuHomePhabricator

SUL Integration for eventyay (Wikimania virtual event platform)
Open, Needs TriagePublic

Description

We are hoping to implement SUL integration this year on eventyay, our open source virtual event platform for Wikimania (eventyay.com). We would love the help of the MW Platform Team to advise/work with the eventyay developers on the process.

We are expecting to sign our contract with eventyay for 2025 soon, and have this as an initial development item in our statement of work.

Thank you!

Event Timeline

As I'm guessing eventyay is going to continue to be a third party hosted app... I'm guessing this is really talking about something like using MediaWiki-extensions-OAuth ?

As I'm guessing eventyay is going to continue to be a third party hosted app... I'm guessing this is really talking about something like using MediaWiki-extensions-OAuth ?

In which case, https://www.mediawiki.org/wiki/OAuth/For_Developers is probably the more relevant documentation.

our open source virtual event platform for Wikimania (eventyay.com)

this is great, thanks.

AIUI this is something the eventyay developers will work on and just needs support from us. @elappen-WMF is that correct?

sbassett subscribed.

It doesn't look like there are any immediate asks from the Security-Team for this? If there are, please let us know.

That's right @Tgr. I've shared this task with eventyay and asked them to make any support requests or ask any questions here. They'll be following up here soon as we'd like to get the work underway.

Hi @elappen-WMF, thanks for putting this on our radar. It's really great to see this integration happening. We're happy to answer any questions that the team at Eventyay have and provide our support where needed.

Hi everyone, I'm a developer from Eventyay and I'm working on this integration.
I'm testing the OAuth flow on my local machine using registered apps (proposed, not approved yet) from MediaWiki OAuth but I couldn't make it to work.
Could you please review and approve my registered app? Here are the consumer keys: bda47950f950d60cb79bf52286dbf249, 4804ff705a315c33cadcdb6434ed94b5

I tried to use owner-only consumers but it didn't work and return application connect error.
I'm using Python Social Auth package for OAuth1 and Django Allauth for OAuth2.
Thanks @Tgr , @JTweed-WMF

They have been approved, but note that unapproved apps should still work for the owner (ie. if you try them with the same user account that you used to register them) so if that didn't work, there is probably a problem with the application.

Owner-only applications can't do an OAuth handshake (it would be pointless since the user's identity is already pre-determined), they can only make API requests with the pre-generated access token.

Thanks @Tgr for the information, it's very helpful. I have figured out the error on my side.