Manual:Hooks/AuthChangeFormFields

Details

 * - array of the fields are created from
 * - field information array (union of all responses).
 * - HTMLForm descriptor.  The special key  can be set to change the order of the fields.
 * - one of the constants.

will contain the definition of the HTMLForm (the descriptor array that will be passed to the HTMLForm constructor); the hook allows modifying it. The form field names (array keys) will match the field names in the requests. is the result of.

Caveats:
 * Changing the requests is not allowed.
 * Adding fields which take data is not allowed (adding info fields is fine). Use an authentication provider's  method to add new fields.
 * Any validation, permission check or other business logic in the hook can be trivially circumvented by using the API. Business logic should be in the providers.
 * Any vital information must be made available via the API as well. If it's for users (e.g. the text of a CAPTCHA) use a  field in  (which can be hidden/changed for the web UI from this hook if needed).  If it's for machines (e.g. the public API key for the CAPTCHA) use.

The hook is primarily meant to enhance fields defined by a provider in the same extension (e.g. change a textfield into a typeahead or other interactive widget), change the position of the widget and provide help links or other extra information. Changing form fields belonging to core or other extensions is allowed but should preferably be avoided as it makes the code more fragile.