• logo.png

icon search-mobile.svg

icon menu-mobile.svg


From wikibase-solutions.com

Developer log #4 :: OAuth Authentication

WSOAuth enables your wiki to easily delegate authentication to any OAuth provider. It makes use of the modern MediaWiki framework PluggableAuth to securely log the user in, makes it possible to manage access to multiple wiki's from a central location and allows for Single Sign-On.

OAuth is an open standard for access delegation and is used by many companies such as Amazon, Google, Facebook and Twitter to permit users to login to an external website via their service. It is used to grant websites access to their account, without sharing their password or sensitive information.

We at Wikibase wanted a way to manage access to our wiki's from one central location. This seemed quite easy at first, having seen Wikimedia do it with their wiki's, it turned out the existing solutions did not meet our expectations and standards. They did not properly support Single Sign-On, were outdated or were broken in some way. Which is why we developed a new extension for MediaWiki that makes use of a modern framework, is tested using unit testing and is built with modern version of MediaWiki in mind.

WSOAuth is a layer on top of PluggableAuth that handles error messages, authentication flow and session management. It controls the communication between your wiki and an OAuth provider, and is built in such a way that new OAuth providers can easily be added to the extension. WSOAuth currently comes shipped with the following OAuth providers:

  • MediaWiki OAuth (wiki's running OAuth)

Since the extension makes use of PluggableAuth, it can be configured to enable Single Sign-On and can automatically and seamlessly log the user in to a wiki if they are logged in at the central authentication provider.

The extension can be downloaded from MediaWiki and a technical specification of the extension and documentation on how to add new authentication providers can be found here.