Available from version 1.27.0
A login attempt either succeeded or failed for a reason other than misconfiguration or session loss. No return data is accepted; this hook is for auditing only.
Define function:
public static function onAuthManagerLoginAuthenticateAudit( $response, $user, $username, $extraData ) { ... }
Attach hook: In extension.json:
	"Hooks": {
		"AuthManagerLoginAuthenticateAudit": "MediaWiki\\Extension\\MyExtension\\Hooks::onAuthManagerLoginAuthenticateAudit"
Called from: File(s): auth/AuthManager.php
Interface: AuthManagerLoginAuthenticateAuditHook.php

For more information about attaching hooks, see Manual:Hooks .
For examples of extensions using this hook, see Category:AuthManagerLoginAuthenticateAudit extensions.

Details edit

  • $response - the MediaWiki\Auth\AuthenticationResponse in either a PASS or FAIL state. (Note that while FAIL usually means that the system found the login attempt invalid and prevented it, that's not always the case. It could also be caused by some sort of internal error preventing an otherwise valid attempt, e.g. user autocreation failing due to a database transaction timeout. The error message in the response will help tell those cases apart.)
  • $user - if the authentication process got to the point where the identity of the user could be determined, this will contain the corresponding User object; otherwise, null. More specifically, this parameter will be set if primary authentication was successful (e.g. successfully providing the username and password but then failing a TOTP check will result in a FAIL with a filled $user parameter).
  • $username - a guess at the user name being authenticated, or null if we can't even determine that. (The latter can happen e.g. when using something like GoogleLogin where the user just clicks a button without entering any username.)
  • $extraData - an associative array with additional data:
    • performer (Since MW 1.42) - the User object performing the login. (Usually this is the anonymous user, but logged-in users can also use the login page to log into a different account.)
    • appId - the application ID (bot name). Only present when logging in with a bot password.

Before AuthManager, the LoginAuthenticateAudit hook was used.