Manual:$wgAuthManagerAutoConfig

From MediaWiki.org
Jump to: navigation, search
Authentication: $wgAuthManagerAutoConfig
Register authentication providers to use with AuthManager
Introduced in version: 1.27.0 (r195297)(git #d245bd25)
Removed in version: still in use
Allowed values: see below
Default value: see below
Other settings: Alphabetical | By function


Extensions need to register their AuthenticationProvider implementations via this setting for AuthManager to pick it up.

Allowed values[edit]

A hash with three keys, each key a list of ObjectFactoryObjectFactory specifications:

[
    'preauth' => [ /* list of pre-authentication providers /* ],
    'primaryauth' => [ /* list of primary authentication providers /* ],
    'secondaryauth' => [ /* list of secondary authentication providers /* ],
]

Beyond the usual ObjectFactory parameters, a special sort parameter is also recognized; this will determine the effective order of the providers (defaults to 0; smaller first; sorting is stable). The convention is to use the provider's class name as its array key (as a convenience for site admins wanting to change it; AuthManager ignores array keys).

Example[edit]

$wgAuthManagerAutoConfig['preauth'] = [
    'MyPreAuthenticationProvider' => [
        'class' => 'MyPreAuthenticationProvider',
        'args' => [ 'arg1', 'arg2' ],
    ],
];

or, if the extension uses extension registration (preferable):

{
    //...
    "AuthManagerAutoConfig": {
        "preauth": {
            "MyPreAuthenticationProvider": {
                "class": "MyPreAuthenticationProvider",
                "args": [ "arg1", "arg2" ]
        }
    },
    //...
}

This will create a pre-authentication provider object with new MyPreAuthenticationProvider( 'arg1', 'arg2' ), and register it as one of the authentication providers.

Default value[edit]

$wgAuthManagerAutoConfig = [
	'preauth' => [
		MediaWiki\Auth\LegacyHookPreAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\LegacyHookPreAuthenticationProvider::class,
			'sort' => 0,
		],
		MediaWiki\Auth\ThrottlePreAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\ThrottlePreAuthenticationProvider::class,
			'sort' => 0,
		],
	],
	'primaryauth' => [
		// TemporaryPasswordPrimaryAuthenticationProvider should come before
		// any other PasswordAuthenticationRequest-based
		// PrimaryAuthenticationProvider (or at least any that might return
		// FAIL rather than ABSTAIN for a wrong password), or password reset
		// won't work right. Do not remove this (or change the key) or
		// auto-configuration of other such providers in extensions will
		// probably auto-insert themselves in the wrong place.
		MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class,
			'args' => [ [
				// Fall through to LocalPasswordPrimaryAuthenticationProvider
				'authoritative' => false,
			] ],
			'sort' => 0,
		],
		MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class,
			'args' => [ [
				// Last one should be authoritative, or else the user will get
				// a less-than-helpful error message (something like "supplied
				// authentication info not supported" rather than "wrong
				// password") if it too fails.
				'authoritative' => true,
			] ],
			'sort' => 100,
		],
	],
	'secondaryauth' => [
		MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class,
			'sort' => 0,
		],
		MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class,
			'sort' => 100,
		],
		// Linking during login is experimental, enable at your own risk - T134952
		// MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider::class => [
		// 	'class' => MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider::class,
		// 	'sort' => 100,
		// ],
		MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class,
			'sort' => 200,
		],
	],
];

See also[edit]