Manual:$wgAuthManagerAutoConfig
Authentication: $wgAuthManagerAutoConfig | |
---|---|
Register authentication providers to use with AuthManager. | |
Introduced in version: | 1.27.0 (Gerrit change 195297; git #d245bd25) |
Removed in version: | Still in use |
Allowed values: | see below |
Default value: | see below |
Extensions need to register their AuthenticationProvider implementations via this setting for AuthManager to pick them up.
Allowed values
A hash with three keys, each mapping to a list of ObjectFactory specifications:

```php
[
	'preauth' => [ /* list of pre-authentication providers */ ],
	'primaryauth' => [ /* list of primary authentication providers */ ],
	'secondaryauth' => [ /* list of secondary authentication providers */ ],
]
```
Beyond the usual ObjectFactory parameters, a special `sort` parameter is also recognized; it determines the effective order of the providers (defaults to 0; smaller values come first; sorting is stable).
The convention is to use the provider's class name as its array key (as a convenience for site admins wanting to change it; AuthManager ignores array keys).
Example
```php
$wgAuthManagerAutoConfig['preauth'] = [
	'MyPreAuthenticationProvider' => [
		'class' => 'MyPreAuthenticationProvider',
		'args' => [ 'arg1', 'arg2' ],
	],
];
```
or, if the extension uses extension registration (preferable):
```json
{
	//...
	"AuthManagerAutoConfig": {
		"preauth": {
			"MyPreAuthenticationProvider": {
				"class": "MyPreAuthenticationProvider",
				"args": [ "arg1", "arg2" ]
			}
		}
	},
	//...
}
```
This will create a pre-authentication provider object with `new MyPreAuthenticationProvider( 'arg1', 'arg2' )`, and register it as one of the authentication providers.
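The `sort` parameter and the ordering rules stated in the comments of the default configuration (further down this page) can be checked mechanically. The script below is an added example, not MediaWiki code: `effectiveOrder()`, `auditPrimaryAuth()` and `ExampleDirectoryPrimaryAuthenticationProvider` are hypothetical names, the sample configuration is constructed, and it assumes the `authoritative` option is passed in the first constructor argument, as in the default password providers.

```php
<?php
/** Hypothetical helper: provider keys in effective order (ascending 'sort', default 0, stable). */
function effectiveOrder( array $specs ): array {
	$rows = [];
	foreach ( array_keys( $specs ) as $i => $key ) {
		$rows[] = [ $specs[$key]['sort'] ?? 0, $i, $key ];
	}
	// Comparing (sort, position) pairs keeps ties in declaration order on every PHP version.
	usort( $rows, static fn ( $a, $b ) => [ $a[0], $a[1] ] <=> [ $b[0], $b[1] ] );
	return array_column( $rows, 2 );
}

/** Hypothetical helper: check 'primaryauth' against the ordering rules in the default config's comments. */
function auditPrimaryAuth( array $config ): array {
	$specs = $config['primaryauth'] ?? [];
	$order = effectiveOrder( $specs );
	$findings = [];
	$tempSeen = false;
	foreach ( $order as $key ) {
		$class = $specs[$key]['class'] ?? (string)$key;
		if ( preg_match( '/(^|\\\\)TemporaryPasswordPrimaryAuthenticationProvider$/', $class ) ) {
			$tempSeen = true;
		}
		// Assumption: 'authoritative' is passed in the first constructor argument.
		$authoritative = $specs[$key]['args'][0]['authoritative'] ?? null;
		if ( !$tempSeen && $authoritative === true ) {
			$findings[] = "$key is authoritative but runs before the temporary-password provider";
		}
	}
	if ( !$tempSeen ) {
		$findings[] = 'TemporaryPasswordPrimaryAuthenticationProvider is not registered';
	}
	$last = end( $order );
	if ( $last !== false && ( $specs[$last]['args'][0]['authoritative'] ?? null ) === false ) {
		$findings[] = "$last runs last but is not authoritative";
	}
	return $findings;
}

// Constructed sample (keys shortened; AuthManager ignores them). The third entry is a hypothetical extension provider.
$spec = static fn ( $class, $auth, $sort ) =>
	[ 'class' => $class, 'args' => [ [ 'authoritative' => $auth ] ], 'sort' => $sort ];
$config = [ 'primaryauth' => [
	'TemporaryPassword' => $spec( 'TemporaryPasswordPrimaryAuthenticationProvider', false, 0 ),
	'LocalPassword' => $spec( 'LocalPasswordPrimaryAuthenticationProvider', true, 100 ),
	'ExampleDirectory' => $spec( 'ExampleDirectoryPrimaryAuthenticationProvider', true, -10 ),
] ];
print_r( effectiveOrder( $config['primaryauth'] ) );
print_r( auditPrimaryAuth( $config ) );
```

Although the extension entry is declared last, its negative `sort` places it ahead of the temporary-password provider, which is the misordering the default configuration's comments warn about.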
Default value
MediaWiki version: ≥ 1.43

```php
$wgAuthManagerAutoConfig = [
	'preauth' => [
		ThrottlePreAuthenticationProvider::class => [
			'class' => ThrottlePreAuthenticationProvider::class,
			'sort' => 0,
		],
	],
	'primaryauth' => [
		// TemporaryPasswordPrimaryAuthenticationProvider should come before any other PasswordAuthenticationRequest-based PrimaryAuthenticationProvider (or at least any that might return FAIL rather than ABSTAIN for a wrong password), or password reset won't work right.
		// Do not remove this (or change the key) or auto-configuration of other such providers in extensions will probably auto-insert themselves in the wrong place.
		TemporaryPasswordPrimaryAuthenticationProvider::class => [
			'class' => TemporaryPasswordPrimaryAuthenticationProvider::class,
			'services' => [
				'DBLoadBalancerFactory',
			],
			'args' => [ [
				// Fall through to LocalPasswordPrimaryAuthenticationProvider
				'authoritative' => false,
			] ],
			'sort' => 0,
		],
		LocalPasswordPrimaryAuthenticationProvider::class => [
			'class' => LocalPasswordPrimaryAuthenticationProvider::class,
			'services' => [
				'DBLoadBalancerFactory',
			],
			'args' => [ [
				// Last one should be authoritative, or else the user will get a less-than-helpful error message (something like "supplied authentication info not supported" rather than "wrong password") if it too fails.
				'authoritative' => true,
			] ],
			'sort' => 100,
		],
	],
	'secondaryauth' => [
		CheckBlocksSecondaryAuthenticationProvider::class => [
			'class' => CheckBlocksSecondaryAuthenticationProvider::class,
			'sort' => 0,
		],
		ResetPasswordSecondaryAuthenticationProvider::class => [
			'class' => ResetPasswordSecondaryAuthenticationProvider::class,
			'sort' => 100,
		],
		// Linking during login is experimental, enable at your own risk - T134952
		// ConfirmLinkSecondaryAuthenticationProvider::class => [
		//   'class' => ConfirmLinkSecondaryAuthenticationProvider::class,
		//   'sort' => 100,
		// ],
		EmailNotificationSecondaryAuthenticationProvider::class => [
			'class' => EmailNotificationSecondaryAuthenticationProvider::class,
			'services' => [
				'DBLoadBalancerFactory',
			],
			'sort' => 200,
		],
	],
];
```
MediaWiki versions: 1.41 – 1.42

```php
$wgAuthManagerAutoConfig = [
	'preauth' => [
		\MediaWiki\Auth\ThrottlePreAuthenticationProvider::class => [
			'class' => \MediaWiki\Auth\ThrottlePreAuthenticationProvider::class,
			'sort' => 0,
		],
	],
	'primaryauth' => [
		// TemporaryPasswordPrimaryAuthenticationProvider should come before any other PasswordAuthenticationRequest-based PrimaryAuthenticationProvider (or at least any that might return FAIL rather than ABSTAIN for a wrong password), or password reset won't work right.
		// Do not remove this (or change the key) or auto-configuration of other such providers in extensions will probably auto-insert themselves in the wrong place.
		\MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class => [
			'class' => \MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class,
			'services' => [
				'DBLoadBalancerFactory',
			],
			'args' => [ [
				// Fall through to LocalPasswordPrimaryAuthenticationProvider
				'authoritative' => false,
			] ],
			'sort' => 0,
		],
		\MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class => [
			'class' => \MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class,
			'services' => [
				'DBLoadBalancerFactory',
			],
			'args' => [ [
				// Last one should be authoritative, or else the user will get a less-than-helpful error message (something like "supplied authentication info not supported" rather than "wrong password") if it too fails.
				'authoritative' => true,
			] ],
			'sort' => 100,
		],
	],
	'secondaryauth' => [
		\MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class => [
			'class' => \MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class,
			'sort' => 0,
		],
		\MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class => [
			'class' => \MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class,
			'sort' => 100,
		],
		// Linking during login is experimental, enable at your own risk - T134952
		// \MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider::class => [
		//   'class' => \MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider::class,
		//   'sort' => 100,
		// ],
		\MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class => [
			'class' => \MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class,
			'services' => [
				'DBLoadBalancerFactory',
			],
			'sort' => 200,
		],
	],
];
```
MediaWiki versions: 1.39 – 1.40

```php
$wgAuthManagerAutoConfig = [
	'preauth' => [
		\MediaWiki\Auth\ThrottlePreAuthenticationProvider::class => [
			'class' => \MediaWiki\Auth\ThrottlePreAuthenticationProvider::class,
			'sort' => 0,
		],
	],
	'primaryauth' => [
		// TemporaryPasswordPrimaryAuthenticationProvider should come before
		// any other PasswordAuthenticationRequest-based
		// PrimaryAuthenticationProvider (or at least any that might return
		// FAIL rather than ABSTAIN for a wrong password), or password reset
		// won't work right. Do not remove this (or change the key) or
		// auto-configuration of other such providers in extensions will
		// probably auto-insert themselves in the wrong place.
		\MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class => [
			'class' => \MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class,
			'services' => [
				'DBLoadBalancer',
			],
			'args' => [ [
				// Fall through to LocalPasswordPrimaryAuthenticationProvider
				'authoritative' => false,
			] ],
			'sort' => 0,
		],
		\MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class => [
			'class' => \MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class,
			'services' => [
				'DBLoadBalancer',
			],
			'args' => [ [
				// Last one should be authoritative, or else the user will get
				// a less-than-helpful error message (something like "supplied
				// authentication info not supported" rather than "wrong
				// password") if it too fails.
				'authoritative' => true,
			] ],
			'sort' => 100,
		],
	],
	'secondaryauth' => [
		\MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class => [
			'class' => \MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class,
			'sort' => 0,
		],
		\MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class => [
			'class' => \MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class,
			'sort' => 100,
		],
		// Linking during login is experimental, enable at your own risk - T134952
		// \MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider::class => [
		//   'class' => \MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider::class,
		//   'sort' => 100,
		// ],
		\MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class => [
			'class' => \MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class,
			'services' => [
				'DBLoadBalancer',
			],
			'sort' => 200,
		],
	],
];
```
MediaWiki versions: 1.37 – 1.38

```php
$wgAuthManagerAutoConfig = [
	'preauth' => [
		MediaWiki\Auth\ThrottlePreAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\ThrottlePreAuthenticationProvider::class,
			'sort' => 0,
		],
	],
	'primaryauth' => [
		// TemporaryPasswordPrimaryAuthenticationProvider should come before
		// any other PasswordAuthenticationRequest-based
		// PrimaryAuthenticationProvider (or at least any that might return
		// FAIL rather than ABSTAIN for a wrong password), or password reset
		// won't work right. Do not remove this (or change the key) or
		// auto-configuration of other such providers in extensions will
		// probably auto-insert themselves in the wrong place.
		MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class,
			'services' => [
				'DBLoadBalancer',
			],
			'args' => [ [
				// Fall through to LocalPasswordPrimaryAuthenticationProvider
				'authoritative' => false,
			] ],
			'sort' => 0,
		],
		MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class,
			'services' => [
				'DBLoadBalancer',
			],
			'args' => [ [
				// Last one should be authoritative, or else the user will get
				// a less-than-helpful error message (something like "supplied
				// authentication info not supported" rather than "wrong
				// password") if it too fails.
				'authoritative' => true,
			] ],
			'sort' => 100,
		],
	],
	'secondaryauth' => [
		MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class,
			'sort' => 0,
		],
		MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class,
			'sort' => 100,
		],
		// Linking during login is experimental, enable at your own risk - T134952
		// MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider::class => [
		//   'class' => MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider::class,
		//   'sort' => 100,
		// ],
		MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class,
			'services' => [
				'DBLoadBalancer',
			],
			'sort' => 200,
		],
	],
];
```
MediaWiki versions: 1.33 – 1.36

```php
$wgAuthManagerAutoConfig = [
	'preauth' => [
		MediaWiki\Auth\ThrottlePreAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\ThrottlePreAuthenticationProvider::class,
			'sort' => 0,
		],
	],
	'primaryauth' => [
		MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class,
			'args' => [ [
				'authoritative' => false,
			] ],
			'sort' => 0,
		],
		MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class,
			'args' => [ [
				'authoritative' => true,
			] ],
			'sort' => 100,
		],
	],
	'secondaryauth' => [
		MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class,
			'sort' => 0,
		],
		MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class,
			'sort' => 100,
		],
		MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class,
			'sort' => 200,
		],
	],
];
```
MediaWiki versions: 1.27 – 1.32

```php
$wgAuthManagerAutoConfig = [
	'preauth' => [
		MediaWiki\Auth\LegacyHookPreAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\LegacyHookPreAuthenticationProvider::class,
			'sort' => 0,
		],
		MediaWiki\Auth\ThrottlePreAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\ThrottlePreAuthenticationProvider::class,
			'sort' => 0,
		],
	],
	'primaryauth' => [
		MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class,
			'args' => [ [
				'authoritative' => false,
			] ],
			'sort' => 0,
		],
		MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class,
			'args' => [ [
				'authoritative' => true,
			] ],
			'sort' => 100,
		],
	],
	'secondaryauth' => [
		MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class,
			'sort' => 0,
		],
		MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class,
			'sort' => 100,
		],
		MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class => [
			'class' => MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class,
			'sort' => 200,
		],
	],
];
```