Extension:WSOAuth

The WSOAuth extension (Wikibase Solutions OAuth) provide authentication using an OAuth provider. It provides a layer on top of the PluggableAuth extension to enable authentication via OAuth. The following OAuth providers are currently available as default:


 * MediaWiki OAuth (MediaWiki instance running OAuth)
 * Facebook

WSOAuth makes it easier to add new OAuth providers. You can read more about how to add a new OAuth provider to the extension on WSOAuth for Developers. The extension must be used with exactly one OAuth provider. If you want to discuss this design aspect, see the IDP discussion on the core platform team.

Configuration
Values must be provided for the following mandatory configuration variables:

In addition, the following optional configuration variables are provided:

OAuth providers
Currently, the following OAuth providers are supported:


 * MediaWiki OAuth (MediaWiki instance running OAuth)
 * Facebook

MediaWiki OAuth
Follow the steps below to enable authentication and authorization via MediaWiki OAuth.

To exclusively use MediaWiki as your sign-on system and to automatically log in when visiting the wiki, also set the following in LocalSettings.php: For OAuth applications that utilize a "callback" prefix, a redirect URI must be set. This redirect URI must have the prefix specified:
 * 1) Register a new OAuth application on the wiki you are delegating access to. Do not use an RSA key pair for authentication and let MediaWiki generate the secret for you. Use   as OAuth "callback" URL. Select   under Types of grants being requested.
 * 2) Write down the key and secret you received from MediaWiki.
 * 3) Set the following in your LocalSettings.php:

Facebook
Follow the steps below to enable authentication and authorization via Facebook.

To exclusively use Facebook as your sign-on system and to automatically log in when visiting the wiki, also set the following in LocalSettings.php:
 * 1) Create a new app on Facebook for Developers.
 * 2) Under Add a Product, select Facebook Login.
 * 3) In the menu on the left, select Settings under Facebook Login.
 * 4) Add the domain of your wiki to the list of Valid OAuth Redirect URIs and hit save.
 * 5) In the menu on the left, click Settings, then Basic and write down the App ID and App Secret.
 * 6) Set the following in your LocalSettings.php:

Upgrading from before 3.0
WSOAuth performs additional checks to protect users from unauthorized account usurpation since WSOAuth 3.0. This is done by keeping track of users that have logged in through WSOAuth via the database.

This poses an issue for administrators upgrading to version 3.0, since users that have registered via WSOAuth will no longer be able to log in, because no record of them would exist in the WSOAuth database. If you do not want to enable, you can use the maintenance script   located in the extension's   folder to manually migrate certain or all users to WSOAuth:

$ php extensions/WSOAuth/maintenance/migrateUser.php --user 'Foobar'

$ php extensions/WSOAuth/maintenance/migrateUser.php --user '*' --migrate-all

System messages
Here some useful system messages, related to this extension, that can be personalized:

Note: to change a system message, edit the  page on your wiki. For example MediaWiki:Wsoauth-pluggable-auth-button-label-message on your wiki.