Developer log #4 :: OAuth Authentication
WSOAuth enables your wiki to easily delegate authentication to any OAuth provider. It makes use of the modern MediaWiki framework PluggableAuth to securely log the user in, makes it possible to manage access to multiple wikis from a central location and allows for Single Sign-On.
OAuth is an open standard for access delegation and is used by many companies such as Amazon, Google, Facebook and Twitter to permit users to log in to an external website via their service. It lets users grant websites access to their account without sharing their password or other sensitive information.
We at Wikibase wanted a way to manage access to our wikis from one central location. The way that Wikimedia did it with their wikis seemed quite easy at first, but it turned out the existing solutions did not meet our expectations and standards. They did not properly support Single Sign-On, were outdated or were broken in some way. That is why we developed a new extension for MediaWiki that makes use of a modern framework, is tested using unit testing and is built with modern versions of MediaWiki in mind.
WSOAuth is a layer on top of PluggableAuth that handles error messages, authentication flow and session management. It controls the communication between your wiki and an OAuth provider, and is built in such a way that new OAuth providers can easily be added to the extension. WSOAuth currently ships with the following OAuth providers:
- MediaWiki OAuth (wikis running OAuth)
Since the extension makes use of PluggableAuth, it can be configured to enable Single Sign-On and can automatically and seamlessly log the user in to a wiki if they are logged in at the central authentication provider.
The extension can be downloaded from MediaWiki and a technical specification of the extension and documentation on how to add new authentication providers can be found here.