Extension:WSOAuth

The WSOAuth extension (Wikibase Solutions OAuth) provide authentication using an OAuth provider. It provides a layer on top of the PluggableAuth extension to enable authentication via OAuth.

The following OAuth providers are currently available by default:


 * MediaWiki (MediaWiki instance running OAuth)
 * Facebook

WSOAuth makes it easy to add new OAuth providers. You can read more about how to add a new OAuth provider on WSOAuth for Developers.

Configuration
Values must be provided for the following mandatory configuration variables:

In addition, the following optional configuration variables are provided:

An example of the for a single providers is as follows:

An example of the for multiple providers is as follows:

Group synchronisation
To configure group synchronisation, you need to add a  array to the   array. This array must contain zero or more sub-arrays that specify how groups are synced. For detailed information, see Extension:PluggableAuth.

The most common use-case is to synchronise all groups, which can be achieved using the  group synchronisation algorithm. The configuration below will achieve similar functionality to older version of WSOAuth (<= 8.0.0).

OAuth providers
Currently, the following OAuth providers are supported:


 * MediaWiki OAuth (MediaWiki instance running OAuth)
 * Facebook

MediaWiki OAuth
Follow the steps below to enable authentication and authorization via MediaWiki OAuth.


 * 1) Register a new OAuth 1.0a application on the wiki you are delegating access to. Do not use an RSA key pair for authentication and let MediaWiki generate the secret for you. Use   as OAuth "callback" URL. Select   under Types of grants being requested.
 * 2) Write down the key and secret you received from MediaWiki.
 * 3) Set the following in your LocalSettings.php:

To exclusively use MediaWiki as your sign-on system and to automatically log in when visiting the wiki, also set the following in LocalSettings.php:

For OAuth applications that utilize a "callback" prefix, a redirect URI must be set through the  key. This redirect URI must have the prefix specified.

Facebook
Follow the steps below to enable authentication and authorization via Facebook.


 * 1) Create a new app on Facebook for Developers.
 * 2) Under Add a Product, select Facebook Login.
 * 3) In the menu on the left, select Settings under Facebook Login.
 * 4) Add the domain of your wiki to the list of Valid OAuth Redirect URIs and hit save.
 * 5) In the menu on the left, click Settings, then Basic and write down the App ID and App Secret.
 * 6) Set the following in your LocalSettings.php:

To exclusively use Facebook as your sign-on system and to automatically log in when visiting the wiki, also set the following in LocalSettings.php:

Upgrading from before 6.0
The database schema had to be changed in order to support multiple authentication providers after version 6.0. If you are running a MediaWiki instance with a version of WSOAuth older than 6.0, you must migrate your existing external users to the new database schema if you want to upgrade.

You can use the maintenance script  located in the extension's   folder to migrate:

The  option in the example above determines which provider to migrate existing users to.

System messages
Here some useful system messages, related to this extension, that can be personalized:

Note: to change a system message, edit the  page on your wiki.