(NOTE) work in progress
MediaWiki Platform team owned authentication extensions should have good logging and monitoring coverage to help debugging and incident response, and to allow periodic health checks and alerts to spot issues early. This is a tracking/planning task to organize subtasks.
* #mediawiki-core-authmanager
** AFAIK it has decent logging. We should probably ask #security-team if they need any improvements. Maybe look into T246471/T246462.
** The main monitoring mechanism is the [[https://grafana.wikimedia.org/d/000000004/authentication-metrics?orgId=1|authevents]] channel, which is partially broken (autocreation, specifically) due to T275085 / [[https://gerrit.wikimedia.org/r/c/mediawiki/core/+/658443|gerrit 658443]]. (There is also the [[https://grafana.wikimedia.org/d/000000131/authentications?orgId=1&refresh=30m|authmanager]] channel, basically the same data.)
*** Once {T240685} is done and it's possible to monitor multi-dimensional stats, we should rethink what information to add. (Wiki? Browser family? Authn provider name?)
* #mediawiki-extensions-centralauth (split by functionality/component because it is large)
** SSO (authentication providers, CentralIdLookup, SpecialCentralLogin, SpecialCentralAutoLogin)
*** monitor account creation job failures (T336627)
** user locking and supression