API:Authmanagerinfo

From MediaWiki.org
Jump to: navigation, search

Returns information required for authentication processes based on AuthManager. The code for the authmanagerinfo module is located at ApiQueryAuthManagerInfo.php.

Parameters[edit]

  • amisecuritysensitiveoperation: Test whether the user's current authentication status is sufficient for the specified security-sensitive operation.
  • amirequestsfor: Fetch information about the authentication requests needed for the specified authentication action. Possible values: login, login-continue, create, create-continue, link, link-continue, change, remove, unlink.
  • amimergerequestfields: Merge field information for all authentication requests into one array. Type: boolean
  • amimessageformat: Format to use when returning messages. Possible values: html, wikitext, raw, none.

Response[edit]

The response will always contain the following boolean fields:

  • canauthenticatenow indicating whether login is possible for the current session.
  • cancreateaccounts indicating whether account creation is possible for the current session.
  • canlinkaccounts indicating whether account linking is possible for the current session.

If amisecuritysensitiveoperation was provided, securitysensitiveoperationstatus will be returned indicating the security status of the operation: ok if the operation may proceed, reauth if reauthentication is required, or fail if the operation is not available.

If amirequestsfor was provided, a requests property will be returned with information on the AuthManager authentication requests that may be supplied for the authentication action. If amimergerequestfields was also provided, a fields property with merged field data will also be returned, otherwise the field data for each request will be included as part of the request data.

Authentication request data[edit]

The authentication request data describes the additional fields that need to be provided to the authentication action.

  • id: An identifier for the request.
  • metadata: Metadata about the request that might be useful for an API client.
  • required: Whether the request is required. Value is one of the following strings:
    • required: The request is required, i.e. the authentication action will fail if its fields are not provided.
    • optional: The request is not required, i.e. the authentication action can be expected to proceed normally even if the request is ignored.
    • primary-required: One of the several requests marked primary-required must have its fields provided for the authentication action to proceed.
  • provider: Intended to be a human-readable message describing the provider of this authentication request, but may not be implemented for requests that are not thought likely to be used in a context where this would be displayed. The amimessageformat and uselang parameters control the format and language used.
  • account: Intended to be a human-readable message describing the specific account referenced by this authentication request, but may not be implemented for requests that are not thought likely to be used in a context where this would be displayed. The amimessageformat and uselang parameters control the format and language used.
    • For example, a request representing an account for user@example.com at openid.example.net might have a provider field "OpenID service at example.net" and an account field "user@example.com".
  • fields: Describes the individual POST parameters the request needs.
    • type: Data type of the field. Values below are compared to data returned from the paraminfo action.
      • string: The same as the string paraminfo type.
      • password: The same as the password paraminfo type.
      • select: Paraminfo would return an array of possible values.
      • checkbox: The same as the boolean paraminfo type.
      • button: The same as the boolean paraminfo type. At most one button-type parameter should be included in the request, as this is intended to be equivalent to a submit button in an HTML form.
      • multiselect: Paraminfo would return an array of possible values, and the multi field would be true.
      • hidden: The field isn't intended to be displayed to the user. The value should generally be sent back to the server unchanged.
      • null: Represents explanatory text for the user interface with no associated field in the submission.
    • value: Value for the field. If the user input doesn't override this, it should be used when the field is submitted.
    • options: For select and multiselect types, this is an associative array containing the list of possible values. Keys are the values to be submitted, and values are the human-readable text corresponding to each option (language selected by uselang).
    • label: Human-readable label for the form field. The amimessageformat and uselang parameters control the format and language used.
    • help: Human-readable description for the form field. The amimessageformat and uselang parameters control the format and language used.
    • optional: Boolean indicating whether the field is optional. An authentication request is only valid if all its non-optional fields are provided. Note that, in the case of checkboxes or buttons, this means the boolean field must have a true value.
    • sensitive: Boolean indicating whether the field is considered sensitive. Sensitive fields are things such as passwords that generally shouldn't be displayed, logged, or cached. As such, these fields must be in the POST body rather than in the URL query.