Wikimedia Foundation has long been present in these datasets, which means passwords are generally auto-filled regardless of which wiki project you're logging in on.
The way this dataset works:
* For any listed domain, it and any subdomains of it, may share credential auto-fill.
* For other domains in the same array, also share credential auto-fill.
Note that `wikimedia.org` is expressly not listed wholesale, because it is a generic domain that holds both wikis and non-wikis. This means `auth.wikimedia.org` has to be added here.
```lang=json
{
"shared": [
"wikipedia.org",
"mediawiki.org",
"wikibooks.org",
"wikidata.org",
"wikinews.org",
"wikiquote.org",
"wikisource.org",
"wikiversity.org",
"wikivoyage.org",
"wiktionary.org",
"commons.wikimedia.org",
"meta.wikimedia.org",
"incubator.wikimedia.org",
"outreach.wikimedia.org",
"species.wikimedia.org",
"wikimania.wikimedia.org"
]
}
```
Per @matmarex, there is a seemingly collaborative dataset curated by Apple at <https://github.com/apple/password-manager-resources>. This initiative only started fairly recently, with "Wikimedia" addd in 2020 with <https://github.com/apple/password-manager-resources/pull/200>. If enough browsers and standalone apssword managers use this dataset, we potentially only have to add it there, and then wait for others to update their copies.
https://github.com/apple/password-manager-resources/blob/main/quirks/shared-credentials.json
### Work
* [ ] **Test**: Verify the above understanding, i.e. credentials are not already auto-filled somehow on auth.wikimedia.org today.
* [ ] **Product**: Define which browsers and standalone password managers we care before the "main" SUL3 launch (post-group0).
* [ ] **Research**: Determine which if any do not use the Apple dataset as their source.
* [ ] **Submit**: Submit change request to https://github.com/apple/password-manager-resources
* [ ] **Test again**: Wait and verify that it works.
| Browser or pwd manager | Source or process
|--|--
| WebKit |
| Firefox | //Apple dataset//, imported at [mozilla/gecko:/websites-with-shared-credential-backends.json](https://github.com/mozilla/gecko-dev/blob/master/services/settings/dumps/main/websites-with-shared-credential-backends.json) since 2021, per [bugzilla ticket 1687996](https://bugzilla.mozilla.org/show_bug.cgi?id=1687996) and as shown by recent bot commits.
| Chromium |
| KeePassXC |
| Strongbox | //Apple dataset//, imported at [Strongbox:/shared-credentials.json](https://github.com/strongbox-password-safe/Strongbox/blob/master/shared-credentials.json) since 2022 per [ApplePasswordManagerQuirks.swift](https://github.com/strongbox-password-safe/Strongbox/blob/3117fa76131ca756984586948110255ac4abdfc1/model/quirks/ApplePasswordManagerQuirks.swift).
| 1Password | //Apple dataset//, per [employee](https://github.com/apple/password-manager-resources/pull/374), and [fork](https://github.com/1Password/password-manager-resources)
| LastPass | custom, according to a June 2020 [unofficial extraction](https://github.com/apple/password-manager-resources/pull/183#issuecomment-641594770) we're not yet on it. TODO: Verify and figure out process to get added.
| Bitwarden | custom, [bitwarden/server:/StaticStore.cs](https://github.com/bitwarden/server/blob/411291b782966fe17f4e53cd9350d137dac5d7ae/src/Core/Utilities/StaticStore.cs#L88)