Auth systems/status

Last update on: 2014-07-monthly

This activity kicked off on March 26. We're planning a minimal OpenID implementation and OAuth implementation in the coming months. Very tentative target date is end of May.

During April, the team primarily focused on implementing SUL v2, which will fix issues that users are having with new security features in recent browser releases. SUL v2 is ready for testing and deployment is targeted for early May. In addition, the team worked toward a final design specification for OAuth and will begin working on that pending the successful deployment of SUL v2.

In June, the team worked with the Wikimedia Foundation's user experience team to improve SUL2. The improvements were pushed to test wikis on July 1, and will be rolled out to other wikis in July. Implementation of OAuth is well underway, and planned for roll-out in July as well.

Engineers worked towards for an OAuth deployment to the beta cluster in early August, and aim to roll OAuth out to the test wikis (e.g., test2.wikipedia.org) after Wikimania.

Chris Steipp just deployed OAuth to the test wikis this morning. The available set of rights that can be authorized to an OAuth Consumer (an application that will be talking to the MediaWiki api on behalf of a user) isn't exhaustive, but it covers most basic usage of the api, including editing. So no, not read only. He'll send out a more detailed announcement with links to documentation for getting started with OAuth in a little bit.

The team deployed OAuth to mediawiki.org on Aug 20th, and are working on enhancement requests before the extension is enabled on the rest of the WMF wikis. Several small bugs were fixed in SUL.

The team improved the user interface of OAuth and deployed these changes to mediawiki.org and test.wikipedia.org. We hope to test and refine the extension with third party developers, and subsequently deploy to all wikis. An initial review of Extension:OpenID was performed, and several issues were brought to the attention of the extension maintainer. Several bugs with CentralAuth/SUL were also fixed.

We continued to refine the OAuth UX with the design team, and completed all major development tasks for the initial OAuth product. The first third-party application approved to use OAuth, "Gerrit Patch Uploader", was successfully used by several end users. We plan to finish the OAuth deployment in November.

Our preliminary version of OAuth is now live on all Wikimedia wikis. Since the rollout, five OAuth consumers have been accepted. We're hopeful many more consumers will be proposed.

The team implemented performance fixes for CentralAuth to reduce the number of calls by anonymous users.

The team focused on minor updates to close some of the high priority OAuth bugs.

The team prepared the migration of the central OAuth database from mediawiki.org to Meta-Wiki, and got input from the Wikimedia Foundation's legal team regarding the OAuth process.

We did initial work on Authn/z requirements for RFC architecture, and an initial review of Requests for comment/AuthStack. We also investigated the use of MediaWiki's OAuth for Phabricator, and worked on a proof of concept.

We worked on the SOA Authentication RFC to support the Services team. We also created a MediaWiki-vagrant role for CentralAuth, including significant work to support multiple wikis on a single Vagrant instance. We continued work on the Phabricator-MediaWiki OAuth integration, and the patch was upstreamed. Last, we held an OAuth training session at the Zürich Hackathon, resulting in several new apps using OAuth.

Continued work on the SOA Authentication RFC and Phabricator OAuth integration. We made OAuth compatible with HHVM and made other minor bug fixes.

Most work was spent on SUL Finalization tasks. Phpunit and browser tests were added for CentralAuth, global rename was deployed, and lots of small fixes were made to CentralAuth to clean up user accounts in preparation for finalization.