Extension:WSOAuth/For developers

This page explains how to develop and add a new OAuth provider to WSOAuth and how to develop WSOAuth extensions. Please consider creating a pull request that adds your authentication provider to WSOAuth or consider publishing it as a standalone extension.

Creating an OAuth provider for WSOAuth
Authentication plugins must extend the  abstract class provided by WSOAuth and must implement at least the following methods:


 * This is the constructor of the auth provider.
 * $clientId corresponds directly to the "clientId" passed through the data array by PluggableAuth.
 * $clientSecret corresponds directly to the "clientSecret" passed through the data array by PluggableAuth.
 * $authUri corresponds directly to the "uri" passed through the data array by PluggableAuth. May be null.
 * $rediretUri corresponds directly to the "redirectUri" passed through the data array by PluggableAuth. May be null.


 * This function is called to initiate the OAuth conversion (i.e. the user has not been authenticated yet and visits the login page for the first time). This is the first leg of the 3-legged OAuth login.
 * $key may be set to the consumer key returned by the OAuth provider.
 * $secret may be set to the consumer secret returned by the OAuth provider.
 * $authUrl must be set to the authorization URL to which the user will be redirected.
 * Must return true if the authorization grant has been successfully received, false otherwise.

An example implementation of this function:


 * Called when the user logs out to notify the OAuth provider, if necessary, that clean up such as removing the user's session can be performed.
 * This function shadows PluggableAuth's function.


 * This function is called after  has been executed and the user has been redirected back from the OAuth provider.
 * The purpose of this function is to retrieve the user info from the session variables set during.
 * This function must return an array with the following format if the user info could be retrieved from the session variables set during the  step of the authentication:
 * If the request failed, or the user is not authorised to log in, the function must return false.
 * $key is equal to $key set during.
 * $secret is equal to $secret set during.
 * $errorMessage can be edited to give a custom error message when the login has failed.

An example implementation of this function:


 * Called after a new user has been authenticated and added to the database to add any additional information to the database required by the OAuth provider.
 * This function shadows PluggableAuth's function.

Adding a new OAuth provider to WSOAuth
You can add the OAuth provider you have developed to WSOAuth by placing the class you have written inside of. The class must live in the  namespace. You must then update :

You can also use the hook WSOAuthGetAuthProviders to dynamically add new authentication providers. This can be handy for extension makers that do not want the site administrator to have to manually add a new authentication provider.

Writing extensions
Extensions can be written to extend WSOAuth's functionality. These are different from OAuth providers, as they do not directly authenticate a user. Instead, WSOAuth extensions should alter the authentication flow by using the provided hooks:


 * WSOAuthAfterGetUser - enables extensions to alter the user info or stop the authentication flow;
 * WSOAuthBeforeLogout - enables extensions to clean up before the logout function of the AuthProvider is called;
 * WSOAuthBeforeAutoPopulateGroups - enables extensions to alter the User before the groups in  are assigned or to skip the group population.
 * WSOAuthGetAuthProviders - enables extension to add new authentication providers

More about how to write extensions can be found on Manual:Extensions.