Topic on Talk:JADE/Implementations

Direct integration with MediaWiki user identities

2
Summary by Harej (WMF)

Integration with MediaWiki user identities was achieved by building JADE as an extension to MediaWiki.

EpochFail (talkcontribs)

I've been thinking about MediaWiki integration. We don't want to require every 3rd party tool to do an OAuth dance -- especially if a user is already logged in. I was talking to Ladsgroup about how we could borrow a user's logged-in status during MediaWiki integration and he suggested that we use a CSRF token.

This would make it so that we don't need to require users to do an OAuth dance every time they want to use JADE (submit a judgement, suppress a comment, etc.).

EpochFail (talkcontribs)

I've been doing some digging around and I think that JSON web tokens offer a good solution here. Essentially, they wrap up an encoded payload that can be decoded and signature-checked. The security model requires a shared key but does not require that key to be sent with any requests. I'm working on an example for the JADE repo right now. Will have a pull request for that soon.