MediaWiki OAuth2 Extension Documentation
- Introduction
The OAuth 2.0 extension for MediaWiki allows users to authenticate with third-party services (like Google, Facebook, Twitter, etc.) without sharing their credentials directly with the wiki. This enhances security and provides a seamless user experience. This article provides a comprehensive guide for beginners on understanding, installing, configuring, and using the MediaWiki OAuth2 extension. We will cover the core concepts, necessary steps, and troubleshooting tips. This guide assumes you have a basic understanding of MediaWiki administration and server access. Before proceeding, ensure you have a backup of your wiki.
- What is OAuth 2.0?
OAuth 2.0 (Open Authorization) is an open standard for authorization. It allows a user to grant a third-party application (like our MediaWiki installation) limited access to their resources on another service (like Google) *without* giving the third-party application their password. Instead of sharing credentials, a user grants permission (authorization) through a secure process involving tokens. This is significantly more secure than traditional username/password authentication, especially as users often reuse passwords across multiple sites.
Think of it like giving a hotel concierge a keycard instead of your house key. The concierge (MediaWiki) can access specific parts of your house (Google account) but doesn't have the master key (your password).
Key concepts include:
- **Resource Owner:** The user who owns the data being accessed (e.g., you with your Google account).
- **Client:** The application requesting access (e.g., your MediaWiki wiki).
- **Authorization Server:** The service that authenticates the user and issues authorization grants (e.g., Google).
- **Resource Server:** The service that hosts the protected resources (e.g., Google's servers holding your data).
- **Authorization Grant:** A credential representing the resource owner's authorization.
- **Access Token:** A credential issued by the Authorization Server that the Client uses to access the Resource Server.
- **Refresh Token:** A credential used to obtain a new Access Token without requiring the user to re-authorize.
- Prerequisites
Before installing the OAuth2 extension, ensure you have the following:
- **MediaWiki 1.35 or higher:** This extension requires a relatively recent version of MediaWiki. Check your version in the `LocalSettings.php` file or via the Special:Version page.
- **PHP 7.4 or higher:** The extension depends on this PHP version.
- **Server Access:** You'll need access to your MediaWiki server to upload files and modify configuration. This usually involves SSH access or a file manager provided by your hosting provider.
- **SSL/TLS:** It's *strongly* recommended to have a valid SSL/TLS certificate installed on your MediaWiki instance. OAuth 2.0 is designed to work over HTTPS for security reasons. Most browsers will block OAuth flows on insecure (HTTP) connections.
- **Registered Application with the Provider:** You must register your MediaWiki installation as an application with the OAuth 2.0 provider (e.g., Google, Facebook, Twitter). This will give you a **Client ID** and **Client Secret**, which are essential for configuration. The registration process varies depending on the provider; refer to their developer documentation. See [Google Developers](https://developers.google.com/), [Facebook for Developers](https://developers.facebook.com/), and [Twitter Developer Platform](https://developer.twitter.com/).
- Installation
1. **Download the Extension:** Download the latest version of the OAuth2 extension from the MediaWiki Extensions repository. You can find it at [1](https://www.mediawiki.org/wiki/Extension:OAuth2).
2. **Upload the Files:** Unzip the downloaded archive and upload the `OAuth2` directory to your MediaWiki's `extensions` directory.
3. **Configure `LocalSettings.php`:** Open your `LocalSettings.php` file (located in the root directory of your MediaWiki installation) and add the following line:

```php
require_once("$IP/extensions/OAuth2/OAuth2.php");
```

4. **Enable the Extension:** Add the following to your `LocalSettings.php` file, within the `$wgExtensions` array:

```php
$wgExtensions[] = 'OAuth2';
```
- Configuration
After installation, you need to configure the extension to work with your chosen OAuth 2.0 provider. This is done through the `OAuth2` section in `LocalSettings.php`. Here's a breakdown of the key configuration options:
- **`$wgOAuth2Providers`:** This is the main array where you define your OAuth 2.0 providers. Each provider is defined as an associative array with the following keys:
  * **`name`:** A unique name for the provider (e.g., 'google', 'facebook').
  * **`class`:** The class name for the provider. The extension provides classes for common providers, or you can create a custom class for others.
  * **`clientId`:** Your application's Client ID obtained from the provider.
  * **`clientSecret`:** Your application's Client Secret obtained from the provider.
  * **`redirectUri`:** The URL on your MediaWiki installation where the provider will redirect the user after authorization. This *must* match the redirect URI you registered with the provider. Typically, this is `https://yourwiki.com/index.php?title=Special:OAuth2Login`. Replace `yourwiki.com` with your actual domain.
  * **`scope`:** A space-separated list of permissions you are requesting from the provider (e.g., 'profile email'). Refer to the provider's documentation for available scopes.
  * **`debug`:** Set to `true` for debugging purposes. This will log more detailed information. Set to `false` in production.
  * **`providerOptions`:** An array of provider-specific options. These options vary depending on the provider. Consult the extension’s documentation and the provider’s API documentation for available options.

**Example Configuration (Google):**

```php
$wgOAuth2Providers = array(
    'google' => array(
        'name' => 'Google',
        'class' => 'OAuth2Google',
        'clientId' => 'YOUR_GOOGLE_CLIENT_ID',
        'clientSecret' => 'YOUR_GOOGLE_CLIENT_SECRET',
        'redirectUri' => 'https://yourwiki.com/index.php?title=Special:OAuth2Login',
        'scope' => 'profile email',
        'debug' => false,
    ),
);
```
- **`$wgOAuth2LoginButtons`:** This array defines which OAuth 2.0 providers will be displayed on the login page (Special:Login). It's a simple array of provider names defined in `$wgOAuth2Providers`.
**Example Configuration:**

```php
$wgOAuth2LoginButtons = array( 'google' );
```
- **`$wgOAuth2AutoLogin`:** If set to `true`, users who successfully authenticate with an OAuth 2.0 provider will be automatically logged in to the wiki. Defaults to `false`.
- **`$wgOAuth2AllowAnonymous`:** If set to `true`, anonymous users can use OAuth2 to create an account. Defaults to `false`.
- Usage
Once configured, users can log in to your MediaWiki using their OAuth 2.0 accounts.
1. **Navigate to Special:Login:** Users should go to the Special:Login page (either directly or through the "Log in" link on your wiki).
2. **Select the Provider:** The login page will display buttons for the providers you configured in `$wgOAuth2LoginButtons`. Users click the button for their desired provider.
3. **Authorization Flow:** The user will be redirected to the provider's authorization page. They will be prompted to log in (if not already logged in) and grant your MediaWiki application the requested permissions (scopes).
4. **Redirection and Login:** After granting permissions, the provider will redirect the user back to your MediaWiki installation. The OAuth2 extension will then handle the exchange of authorization codes for access tokens and automatically log the user in (if `$wgOAuth2AutoLogin` is set to `true`).
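The two messages behind steps 3 and 4, as an added example that is not the OAuth2 extension's own code: the authorization request the browser is redirected to, and the checks applied to the provider's redirect before the code is exchanged. It goes beyond the text above by including the `state` parameter from RFC 6749, which ties the callback to the session that started the login. The function names and the sample callbacks are assumptions; the endpoint is Google's authorization endpoint.

```php
<?php
// Added illustration of steps 3 and 4; function names are hypothetical.
const AUTHORIZE_ENDPOINT = 'https://accounts.google.com/o/oauth2/v2/auth';

/** Step 3: the URL the browser is sent to (RFC 6749 section 4.1.1). */
function buildAuthorizationUrl(array $provider, string $state): string {
    return AUTHORIZE_ENDPOINT . '?' . http_build_query([
        'response_type' => 'code',
        'client_id'     => $provider['clientId'],
        'redirect_uri'  => $provider['redirectUri'],
        'scope'         => $provider['scope'],
        'state'         => $state, // unguessable value bound to this browser session
    ], '', '&', PHP_QUERY_RFC3986);
}

/** Step 4: check the provider's redirect before the code is exchanged for tokens. */
function validateCallback(array $query, ?string $sessionState): string {
    if (isset($query['error'])) {
        throw new RuntimeException('provider reported an error');
    }
    $state = $query['state'] ?? null;
    if ($sessionState === null || !is_string($state) || !hash_equals($sessionState, $state)) {
        throw new RuntimeException('state does not match this session');
    }
    if (!isset($query['code']) || !is_string($query['code']) || $query['code'] === '') {
        throw new RuntimeException('authorization code missing');
    }
    return $query['code'];
}

// Values from the Google example configuration; the client ID is its placeholder.
$provider = ['clientId' => 'YOUR_GOOGLE_CLIENT_ID', 'scope' => 'profile email',
    'redirectUri' => 'https://yourwiki.com/index.php?title=Special:OAuth2Login'];
$state = bin2hex(random_bytes(16)); // in a real flow this is stored in the user's session
echo buildAuthorizationUrl($provider, $state), "\n";

// Constructed callback parameters, as the wiki would receive them on the redirect URI.
$callbacks = [
    'genuine'       => ['code' => 'SAMPLE_CODE', 'state' => $state],
    'foreign state' => ['code' => 'SAMPLE_CODE', 'state' => str_repeat('0', 32)],
    'user declined' => ['error' => 'access_denied', 'state' => $state],
];
foreach ($callbacks as $label => $query) {
    try {
        echo "$label: accepted, code ", validateCallback($query, $state), "\n";
    } catch (RuntimeException $e) {
        echo "$label: rejected ({$e->getMessage()})\n";
    }
}
```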
- Customizing User Data
The OAuth2 extension provides hooks that allow you to customize the user data retrieved from the provider and how it's used to create or update user accounts in MediaWiki. You can use these hooks to map provider attributes (e.g., email, name) to MediaWiki user properties. Refer to the extension’s documentation for details on available hooks and how to use them.
- Troubleshooting
- **"Invalid Client ID or Secret":** Double-check that your Client ID and Client Secret are correct in `LocalSettings.php`.
- **"Redirect URI Mismatch":** Ensure that the `redirectUri` in `LocalSettings.php` *exactly* matches the redirect URI you registered with the OAuth 2.0 provider. This is a common source of errors.
- **"Missing Scope":** If the provider is not granting access to certain data, make sure you have requested the necessary scopes in `LocalSettings.php`.
- **"SSL/TLS Required":** If you're getting errors related to SSL/TLS, ensure that your MediaWiki installation is accessible over HTTPS.
- **Debugging:** Enable the `debug` option in your provider configuration (`'debug' => true`) to log more detailed information. Check the MediaWiki error logs for clues.
- **Check Extension Installation:** Verify the extension is correctly loaded by checking Special:Version.
- Security Considerations
- **Protect Your Client Secret:** Treat your Client Secret as a password. Do not share it publicly or commit it to version control.
- **Use HTTPS:** Always use HTTPS to protect the OAuth 2.0 flow.
- **Request Only Necessary Scopes:** Only request the permissions (scopes) that your application absolutely needs. Minimize the risk of data breaches by limiting access.
- **Regularly Review Permissions:** Periodically review the permissions granted to your application and revoke any unnecessary ones.
- **Keep the Extension Updated:** Keep the OAuth2 extension updated to the latest version to benefit from security fixes and improvements.
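A pre-deployment check covering the redirect URI, debug, secret and scope items from the Troubleshooting and Security Considerations lists, as an added example that is not part of the extension. The array keys are those of `$wgOAuth2Providers` described above; the function name, the approved-scope list, the registered-URI value and the sample entry are assumptions.

```php
<?php
// Added example: audits one entry of a $wgOAuth2Providers-style array.
// auditProvider() is a hypothetical helper, not an API of the extension.

/** @return string[] findings; empty when the entry passes every check */
function auditProvider(string $key, array $p, string $registeredRedirect, array $approvedScopes): array {
    $findings = [];
    foreach (['clientId', 'clientSecret'] as $field) {
        $value = $p[$field] ?? '';
        if (!is_string($value) || $value === '' || strpos($value, 'YOUR_') === 0) {
            $findings[] = "$key: $field is empty or still a placeholder";
        }
    }
    $redirect = $p['redirectUri'] ?? '';
    if (parse_url($redirect, PHP_URL_SCHEME) !== 'https') {
        $findings[] = "$key: redirectUri is not HTTPS";
    }
    // Byte-for-byte comparison: a trailing slash or different case counts as a mismatch.
    if ($redirect !== $registeredRedirect) {
        $findings[] = "$key: redirectUri differs from the URI registered with the provider";
    }
    if (!empty($p['debug'])) {
        $findings[] = "$key: debug is enabled";
    }
    $requested = preg_split('/\s+/', trim($p['scope'] ?? ''), -1, PREG_SPLIT_NO_EMPTY);
    foreach (array_diff($requested, $approvedScopes) as $extra) {
        $findings[] = "$key: scope '$extra' is not on the approved list";
    }
    return $findings;
}

// Constructed sample entry with several of the problems listed above.
$providers = [
    'google' => [
        'clientId'     => 'YOUR_GOOGLE_CLIENT_ID',
        'clientSecret' => 'YOUR_GOOGLE_CLIENT_SECRET',
        'redirectUri'  => 'http://yourwiki.com/index.php?title=Special:OAuth2Login/',
        'scope'        => 'profile email extra_scope', // extra_scope is a made-up scope name
        'debug'        => true,
    ],
];
// Assumption: the URI as it was entered in the provider's developer console.
$registered = ['google' => 'https://yourwiki.com/index.php?title=Special:OAuth2Login'];

foreach ($providers as $key => $p) {
    foreach (auditProvider($key, $p, $registered[$key], ['profile', 'email']) as $finding) {
        echo $finding, "\n";
    }
}
```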
- Advanced Configuration and Customization
- **Custom Providers:** You can create custom providers for OAuth 2.0 services that are not directly supported by the extension. This requires writing a PHP class that implements the necessary interfaces.
- **Custom Hooks:** Utilize the extension’s hooks to modify the user data retrieval and account creation process.
- **Integration with Other Extensions:** The OAuth2 extension can be integrated with other MediaWiki extensions to provide more advanced features.
- Resources & Further Reading
- **MediaWiki OAuth2 Extension Documentation:** [2](https://www.mediawiki.org/wiki/Extension:OAuth2)
- **OAuth 2.0 RFC:** [3](https://datatracker.ietf.org/doc/html/rfc6749)
- **Google OAuth 2.0 Documentation:** [4](https://developers.google.com/identity/protocols/oauth2)
- **Facebook Login Documentation:** [5](https://developers.facebook.com/docs/facebook-login)
- **Twitter Authentication Documentation:** [6](https://developer.twitter.com/en/docs/authentication/overview)