Core Platform Team/Initiative/OAuth2/Initiative Description
- Summary
Add OAuth 2.0 support to MediaWiki so that a MediaWiki instance may be used as an authentication source by a client. The first phase of this work will be to add to MediaWiki support necessary for Discourse to use a MediaWiki instance as an OAuth 2.0 authentication provider. The second phase of this work will be to add to MediaWiki support for generating API keys using OAuth 2.0. The code developed in Phase 1 must be designed to be extensible for support of the Phase 2 functionality.
- Significance and Motivation
We need OAuth 2.0 to have single sign-on with Discourse https://www.discourse.org/plugins/oauth.html . Other systems use OAuth 2.0 or the related OpenID Connect for distributed authentication. OAuth 2.0 is a common way for APIs to integrate API keys. The gold standard for API authentication; many libraries and tools support OAuth 2.0. OAuth 2.0 has some significant implementation optimizations over OAuth 1.0.
- Outcomes
- Users can log into Discourse with their Wikimedia project identity
- WMF can track API requests by client
- WMF can disallow API requests by badly-behaved client
- Baseline Metrics
None given
- Target Metrics
None given
- Stakeholders
- Community Engagement/Community Relations (Discourse authentication)
- Partnerships (for API keys)
- Other API providers within the organization?
- Known Dependencies/Blockers
None given