Core Platform Team/Initiative/OAuth2/Initiative Description

< OAuth2

Summary

Add OAuth 2.0 support to MediaWiki so that a MediaWiki instance may be used as an authentication source by a client. The first phase of this work will be to add to MediaWiki support necessary for Discourse to use a MediaWiki instance as an OAuth 2.0 authentication provider. The second phase of this work will be to add to MediaWiki support for generating API keys using OAuth 2.0. The code developed in Phase 1 must be designed to be extensible for support of the Phase 2 functionality.

Significance and Motivation

We need OAuth 2.0 to have single sign-on with Discourse https://www.discourse.org/plugins/oauth.html . Other systems use OAuth 2.0 or the related OpenID Connect for distributed authentication. OAuth 2.0 is a common way for APIs to integrate API keys. The gold standard for API authentication; many libraries and tools support OAuth 2.0. OAuth 2.0 has some significant implementation optimizations over OAuth 1.0.

Outcomes

• Users can log into Discourse with their Wikimedia project identity
• WMF can track API requests by client
• WMF can disallow API requests by badly-behaved client

Baseline Metrics

None given

Target Metrics

None given

Stakeholders

• Community Engagement/Community Relations (Discourse authentication)
• Partnerships (for API keys)
• Other API providers within the organization?

Known Dependencies/Blockers

None given