Page MenuHomePhabricator
Create Task
Maniphest T404255

Do we want to add users to oathauth-twofactorauth group if they already have the oathauth-enable right?
Closed, DeclinedPublic
Actions

Description

Follows up T400579: Add ability to make 2FA available to N% of users, and as a further optimisation past T404252: OATHAuth loading more from the database than needed...

Is there any benefit of adding users to the oathauth-twofactorauth group, if they already have the oathauth-enable right? And/or, depending on how we want to look it up, whether they even already have 2FA enabled?

Related Objects

Event Timeline

Reedy created this task.Sep 10 2025, 7:15 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 10 2025, 7:15 PM
Reedy triaged this task as Low priority.Sep 10 2025, 7:15 PM
JJMC89 subscribed.Sep 10 2025, 7:46 PM

And/or, depending on how we want to look it up, whether they even already have 2FA enabled?

Doing it based on whether 2FA is enabled would publicly disclose this information that should gated behind the oathauth-verify-user right.

Reedy added a comment.Sep 10 2025, 7:49 PM

Ontop of the maths being used to decide if they get put in that group anyway in the meantime... But yes, point taken :)

Reedy updated the task description. (Show Details)Sep 10 2025, 7:50 PM
Reedy edited projects, added FY2025-26 WE4.6.2 Multiple Authenticators; removed FY2025-26 WE 4.6 - Account Security.Sep 10 2025, 9:01 PM
Johannnes89 subscribed.Sep 11 2025, 6:54 AM
Reedy moved this task from Backlog to User Experience on the MediaWiki-extensions-OATHAuth board.Sep 17 2025, 9:29 AM
Catrope edited projects, added FY2025-26 WE4.6.3 Global 2FA Opt-In; removed FY2025-26 WE4.6.2 Multiple Authenticators.Sep 29 2025, 5:29 PM
Mstyles closed this task as Declined.Dec 5 2025, 8:55 PM
Mstyles subscribed.

Since all users now have 2FA access I'm declining this task as I don't think it's relevant anymore.

Mstyles moved this task from Backlog to Done on the FY2025-26 WE4.6.3 Global 2FA Opt-In board.Jan 23 2026, 11:22 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits