Interwiki user authentication

Interwiki user authentication would allow a user to authenticate himself to a wiki as the same person who is a particular user on another wiki that isn't part of the same wiki farm.

Let's say that FooUser has an account on AlphaWiki and wants to authenticate himself on BravoWiki as being the same person. Some options are:

Email authentication[edit]

Have both wikis use a third-party website to handle authentication. E.g., an email provider. BravoWiki can login to its own AlphaWiki user account and send an email via API:Email to FooUser with authentication credentials, e.g. a URL or a password that when used on BravoWiki will demonstrate that the user logged into that account has access to the email account he has confirmed on AlphaWiki.

• Pros: Easy to implement without any cooperation from AlphaWiki other than refraining from blocking BravoWiki's user account from sending emails.

Password authentication[edit]

FooUser could give BravoWiki his AlphaWiki password, and BravoWiki could then attempt to login to FooUser's AlphaWiki account with that password. Any CAPTCHAs required by AlphaWiki for that process could be passed on to the BravoWiki user to solve.

• Pros: Pretty simple authentication method that doesn't require any cooperation from AlphaWiki
• Cons: For security reasons, users might be leery of giving their AlphaWiki passwords to BravoWiki.

Edit summary authentication[edit]

BravoWiki could give FooUser a code that he would need to put in an edit summary on AlphaWiki. BravoWiki could then see that edit summary in API:RecentChanges and authenticate the user.

• Pros: Doesn't require that BravoWiki take any write actions on AlphaWiki
• Cons: Requires a useless edit to AlphaWiki

Other schemes?[edit]

I'm sure there are better schemes. See also Manual:Hooks#Writing an event handler.