Extension:MediaWikiAuth

The MediaWikiAuth extension transparently logs a user in to a remote wiki, importing the user's account and preferences to the local wiki.

What can this extension do?
This extension uses the MediaWiki API and AuthManager framework to direct login requests with no local account to a remote wiki. The account and its preferences are imported, so the remote login only has be done once.

This extension is useful for moving a community from another wiki when you do not have access to the user account database. From a user perspective, it's like they already had an account on the local wiki.

Usage
Install MediaWikiAuth as specified below, set  for the remote wiki, and login using an account on the remote wiki which is not currently present on the local wiki. Preferences and watchlists will be imported; watchlists are imported via the job queue so for large watchlists it may take a while for them to be fully imported.

MediaWikiAuth does not import revisions or uploads, you will need to import those separately.

Configuration and permissions
The following are optional configurations you can apply:


 * $wgMediaWikiAuthAllowPasswordChange (boolean, default false)
 * If true, after importing their account the user will be prompted to optionally change their password (or choose a Skip button to keep the same password). A MediaWiki bug in 1.29 means that if the user navigates away instead of changing their password or clicking Skip, they will be unable to access their account until they reset their password. As such, it is recommended to leave this as false until this bug is fixed.


 * $wgMediaWikiAuthImportGroups (boolean or array of strings, default true)
 * This configuration controls which local user groups are assigned to the user. If true (the default), all group memberships that the user had on the remote wiki are imported to the local wiki, provided groups of the same name exist locally. If false, no group memberships are imported. If an array, the configuration lists which groups to copy over; only those listed are imported. In either case, implicit groups cannot be imported, and any group expiration data is kept intact.

The following group permissions have been added. By default, they are not granted to anyone (you will need to assign them yourself with $wgGroupPermissions):


 * mwa-createlocalaccount
 * A group with this permission is allowed to create a local account manually via Special:CreateAccount even if a user with the same name exists on the external wiki. By default, if a username exists on the external wiki, it is impossible to manually create a local account without importing it (even if it is blocked, locked, etc.). It is recommended to assign this to an administrators group, such as sysop.