It would be very nice to implement an [[ https://en.wikipedia.org/wiki/OAuth | OAuth ]] login for the [[ https://wikimini.org/ | Wikimini ]]'s wiki farm, for multiple reasons:
* making Wikimini more accessible (avoid weird captcha etc.)
* simplify spam fighting (avoid to update weird captcha etc.)
* making Wikimini more Wikimedia-related
* potentially increase system security (it is easier to identify Wikimedian vandals)
== Plan ==
[ ] `1 h` create a beta environment
[X] evaluate if creating a complete separated environment
[X] evaluate a patched beta environment (e.g. IP-based)
[ ] `1 h` register an OAuth application in Meta-wiki (like we have done in T262823)
[ ] `4 h` configure business logic with all the bows and ribbons
[ ] assure login with legacy credentials
[ ] disable e-mail based registration
[ ] assure way to merge credentials
[ ] `0 h` init test phase
[ ] `0 h` end test phase
[ ] `0 h` announce the change
[ ] `1 h` deploy in production
In total, it should be completed in about a working-day.
Note that the OAuth application can have multiple redirection URIs ([[ https://tools.ietf.org/html/rfc6749#section-3.1.2.2 | RFC 6749 ]]) but the current Meta-Wiki implementation supports just one redirection URL so it cannot supports both beta and production. So, for this feature, it would be better to avoid a complete separated environment, to avoid to handle multiple OAuth applications. Instead, we can implement a dummy `IP-based` patch, to enable our unstable features just for some trusted users.