It would be useful if bots on Toolforge did not need to store a password on the shared servers. The worst case for a stolen password is someone logging in and changing e-mail address, password etc. to lock the user out of their own account.
MediaWiki supports OAuth as a method of authentication. More information about https://www.mediawiki.org/wiki/OAuth/For_Developers
With OAuth, only a token needs to be stored in the shared environment, and in worst case scenario someone can make a few edits with the token, but it can be revoked at any time, and the malicious user can not lock out the rightful user.
This task is to implement OAuth support in pywikibot. To complete this task, a unit test should be added to the test suite to perform a login and logout using OAuth with assertions that verify APISite._userinfo is correct, and a second unit test should login, edit a userpage, and confirm the edit was performed using the OAuth-authenticated account. The unit test should be configured to run on travis-ci when the secret key is available in the Travis configuration, and skipped when it isnt.
To get started testing your OAuth integration, register at https://www.mediawiki.org/wiki/Special:OAuthConsumerRegistration/propose while logged in as your mediawiki.org user. You will probably want to use https://www.mediawiki.org/wiki/Special:OAuth/verified for the callback url. Leave the "Public RSA key" field blank. You will be able to use the key and secret that you receive when you complete the registration, as long as you approve it using the same mediawiki.org user that you used to register the application.