This is an epic of a #core-platform-team initiative that is documented [[ https://www.mediawiki.org/wiki/Core_Platform_Team/Initiatives/OAuth2#Epic_1_-_Add_OAuth2_support_to_MediaWiki_for_use_by_web-based_clients | here ]].
Non-functional requirements:
- OAuth 1.0 and OAuth 2.0 must be able to coexist
- Implementation in an extension: OAuth2
- Code must be extensible to support API-based clients in Epic 2
- Although the first test case is integration with Discourse, the MediaWiki code should not depend upon a particular client in any way
- Possibly test with Wikimedia-hosted Discourse instance
- Security review of all new code
- Implement on top of new MediaWiki REST API support, if possible
- Use existing library, if possible
-- https://github.com/thephpleague/oauth2-server (needs security review)