Extension:AuthWP

AuthWP is a MediaWiki extension that allows authentication with WordPress credentials. It is a rewrite of by Ciaran Gultnieks and is intended to provide essentially the same functionality using   and   introduced in MediaWiki 1.27.

Overview
Users are matched between MediaWiki and WordPress by their username. The ID of a given user may, however, differ between the two systems. User management is largely delegated to WordPress, because it imposes more stringent requirements than MediaWiki. For instance, AuthWP maps MediaWiki's real name to WordPress's display name, but whereas MediaWiki's real name can be set to an arbitrary string, WordPress's display name is confined to combinations of the user's first and last names. Hence, AuthWP does not allow users to set their real name, but requires them to change their display names in WordPress instead. Similarly, a user's email address must be set from WordPress. Because WordPress allows authentication using email addresses, they are required to be unique and any changes should be properly validated.

Unlike WPMW, AuthWP does not synchronize user attributes from WordPress to MediaWiki on every request. This feature is probably better implemented in a WordPress plugin or theme.

Prerequisites
Not only must MediaWiki be running on the same host as an existing WordPress setup, it must also be installed inside the WordPress directory. For instance, MediaWiki could be located in a  directory next to WordPress's   file. If this is not the case MediaWiki will apparently not see the WordPress cookies, which are used for authentication; see for hints on how to deal with that situation.

Configuration
The path to the WordPress installation relative to the MediaWiki installation is configured using the extension's  configuration variable. This value defaults to, which is appropriate if the MediaWiki root resides in a directory next to WordPress's   file. The only other configuration option is, which defines the priority of AuthWP's session provider. The default value is, which means that AuthWP runs at the highest priority and therefore has the ability to invalidate the session for downstream session providers when the users logs out from WordPress.

User auto-creation
AuthWP can auto-create users in MediaWiki and WordPress, but this functionality comes with important caveats. For authenticated WordPress users, AuthWP can auto-create a corresponding MediaWiki user when the wiki is first accessed, provided  contains something to effect of The new MediaWiki user's email address and real name are taken from WordPress. Note that this can only work if the WordPress username is also a valid MediaWiki username and this is currently not checked!

In order to create accounts de novo from MediaWiki,  will need to contain This will create a user in WordPress, with default values for all attributes other than display name, username, and password; for instance, the new WordPress user's  may be set to. In particular, note that because MediaWiki does not require an email address on registration, it may be left empty in the new WordPress account, and this can.

Features

 * A valid WordPress session should grant access to MediaWiki. Conversely, a valid MediaWiki session should grant access to WordPress.
 * Logging out of WordPress should log the user out of MediaWiki and vice versa.
 * Passwords can be changed in either MediaWiki or WordPress, but MediaWiki will not store any passwords for users with WordPress accounts: if a password is changed from MediaWiki, it will be updated in WordPress.

= Known limitations =
 * Accounts cannot be removed or locked in WordPress.

MediaWiki 1.39.x LTS Test Plan
The items listed here are general issues related to MediaWiki 1.39.x LTS. They are not addressing any issues that are specific to this extension.


 * Extension considered active for MediaWiki 1.39.x LTS