Jump to content
Main menu
Main menu
move to sidebar
hide
Navigation
Main page
Get MediaWiki
Get extensions
Tech blog
Contribute
Support
User help
FAQ
Technical manual
Support desk
Communication
Development
Developer portal
Code statistics
mediawiki.org
Community portal
Recent changes
Translate content
Random page
Village pump
Sandbox
Search
English
Create account
Log in
Personal tools
Create account
Log in
Pages for logged out editors
learn more
Contributions
Talk
Export translations
Translate
English
Language statistics
Message group statistics
Export
Tools
Tools
move to sidebar
hide
Actions
Language statistics
Message group statistics
Export
General
Upload file
Special pages
Printable version
Get shortened URL
Download QR code
<languages/> {{Distinguish|Extension:OATHAuth|Extension:WSOAuth}} {{Extension |status = stable |type1 = user identity |type2 = user rights |type3 = api |username = |author = |description = <section begin=shortdesc /><span lang="en" dir="ltr" class="mw-content-ltr">Allow users to safely authorize another application ("consumer") to use the MediaWiki action API on their behalf.</span><section end=shortdesc /> |download = {{WikimediaDownload|OAuth|phab=EOAU}} |help = {{ll|Help:OAuth}} |compatibility policy = rel |update = continuous updates |bugzilla = OAuth |phabricator = MediaWiki-extensions-OAuth |vagrant-role = oauth |table1 = oauth_accepted_consumer |table2 = oauth_registered_consumer |newhook1 = OAuthReplaceMessage |rights = <nowiki/> *<code>mwoauthproposeconsumer</code> *<code>mwoauthupdateownconsumer</code> *<code>mwoauthmanageconsumer</code> *<code>mwoauthsuppress</code> *<code>mwoauthviewsuppressed</code> *<code>mwoauthviewprivate</code> *<code>mwoauthmanagemygrants</code> }} <section begin=description /> <span lang="en" dir="ltr" class="mw-content-ltr">The '''OAuth''' extension implements an OAuth server in MediaWiki that supports both the [https://oauth.net/core/1.0a/ OAuth 1.0a] and [https://oauth.net/2/ OAuth 2.0] protocol versions.</span> <span lang="en" dir="ltr" class="mw-content-ltr">It allows third party developers to securely develop applications ("consumers"), to which users can give a limited set of permissions ("grants"), so that the application can use the [[Special:MyLanguage/API:Action_API|MediaWiki action API]] on the user's behalf.</span> <section end=description /> {{Note|1=<span lang="en" dir="ltr" class="mw-content-ltr">If you're attempting to develop an application that uses OAuth on a wiki, see [[Special:MyLanguage/OAuth/For Developers|OAuth for Developers]].</span> <span lang="en" dir="ltr" class="mw-content-ltr">If you are trying to use an OAuth-enabled tool on a wiki which has this extension installed, see {{ll|Help:OAuth|OAuth}}.</span>}} <span id="Requirements"></span> == Keperluan == * <span lang="en" dir="ltr" class="mw-content-ltr">OAuth relies on the object cache for temporary tokens and sessions.</span> <span lang="en" dir="ltr" class="mw-content-ltr">This should work as long as [[Special:MyLanguage/Manual:Configuration settings#Cache|cache configuration settings]] are sane.</span> <span lang="en" dir="ltr" class="mw-content-ltr">(Older versions required {{ll|Memcached}} explicitly.)</span> * <span lang="en" dir="ltr" class="mw-content-ltr">Currently, only MySQL and SQLite database backends are supported</span> * <span lang="en" dir="ltr" class="mw-content-ltr">If the MediaWiki installation is private (i.e. users need to log in to have read access), Special:OAuth will need to be added to the [[Special:MyLanguage/Manual:$wgWhitelistRead|white list]].</span> <span id="Installation"></span> == Pemasangan == {{ExtensionInstall |vagrant=oauth |repo-name=OAuth |registration=required |composer=1 |db-update=yes |custom-steps=<nowiki/> * [[#Configuration|<span lang="en" dir="ltr" class="mw-content-ltr">Configure the general parameters as required.</span>]] * [[#User rights|<span lang="en" dir="ltr" class="mw-content-ltr">Configure the user rights by putting them into the relevant groups in <code>$wgGroupPermissions</code>.</span>]] }} <div lang="en" dir="ltr" class="mw-content-ltr"> To assign a permission to some group, for example to sysops, you add following line to <code>LocalSettings.php</code>: </div> <syntaxhighlight lang="php"> $wgGroupPermissions['sysop']['mwoauthproposeconsumer'] = true; </syntaxhighlight> <span id="Configuration"></span> == Konfigurasi == <div lang="en" dir="ltr" class="mw-content-ltr"> === Parameters === </div> {| class="wikitable prettytable" !<span lang="en" dir="ltr" class="mw-content-ltr">Variable name</span> !<span lang="en" dir="ltr" class="mw-content-ltr">Default value</span> !Deskripsi |- | <code>$wgMWOAuthCentralWiki</code> | {{phpi|false}} | <span lang="en" dir="ltr" class="mw-content-ltr">[[Special:MyLanguage/Manual:Wiki ID|Wiki ID]] of OAuth management wiki.</span> <span lang="en" dir="ltr" class="mw-content-ltr">On wiki farms, it makes sense to set this to a wiki that acts as a portal site, is dedicated to management, or just handles login/authentication.</span> <span lang="en" dir="ltr" class="mw-content-ltr">It can, however, be set to any wiki in the farm.</span> <span lang="en" dir="ltr" class="mw-content-ltr">For single-wiki sites or farms where each wiki manages consumers separately, it should be left as {{phpi|false}}.</span> |- | <code>$wgMWOAuthSharedUserIDs</code> | {{phpi|false}} | {{deprecated-inline}} <span lang="en" dir="ltr" class="mw-content-ltr">Use <code>$wgMWOAuthSharedUserSource</code> instead</span> <span lang="en" dir="ltr" class="mw-content-ltr">Whether shared global user IDs are stored in the oauth tables.</span> <span lang="en" dir="ltr" class="mw-content-ltr">On wiki farms with a central authentication system (with integer user IDs) that share a single OAuth management wiki, this must be set to true.</span> <span lang="en" dir="ltr" class="mw-content-ltr">If wikis have a central authentication system but have their own OAuth management, then this can be either {{phpi|true}} or {{phpi|false}}.</span> <span lang="en" dir="ltr" class="mw-content-ltr">Otherwise it should always be set to {{phpi|false}}.</span> <span lang="en" dir="ltr" class="mw-content-ltr">Setting this to true requires CentralIdLookup or an MWOAuth aware authentication extension.</span> <span lang="en" dir="ltr" class="mw-content-ltr">This value should not be changed after the fact to avoid ambigious IDs.</span> <span lang="en" dir="ltr" class="mw-content-ltr">Proper user ID migration should be done before any such changes.</span> |- | <code>$wgMWOAuthSharedUserSource</code> | {{phpi|null}} | <span lang="en" dir="ltr" class="mw-content-ltr">[[Special:MyLanguage/Manual:Central ID|Central ID]] provider when sharing OAuth credentials over a wiki farm</span> <span lang="en" dir="ltr" class="mw-content-ltr">Source of shared user IDs, if enabled.</span> <span lang="en" dir="ltr" class="mw-content-ltr">If CentralIdLookup is available, this is the $providerId for CentralIdLookup::factory().</span> <span lang="en" dir="ltr" class="mw-content-ltr">Generally null would be what you want, to use the default provider.</span> <span lang="en" dir="ltr" class="mw-content-ltr">If that class is not available or the named provider is not found, this is passed to the OAuthGetUserNamesFromCentralIds, OAuthGetLocalUserFromCentralId, OAuthGetCentralIdFromLocalUser, OAuthGetCentralIdFromUserName hooks.</span> <span lang="en" dir="ltr" class="mw-content-ltr">This has no effect if $wgMWOAuthSharedUserIDs is set to false.</span> |- | <code>$wgMWOAuthRequestExpirationAge</code> | {{phpi|{{formatnum:2592000}}}} <span lang="en" dir="ltr" class="mw-content-ltr">(30 days)</span> | <span lang="en" dir="ltr" class="mw-content-ltr">Seconds after which an idle request for a new Consumer is marked as "expired"</span> |- | <code>$wgMWOAuthSecureTokenTransfer</code> | {{phpi|true}} | <span lang="en" dir="ltr" class="mw-content-ltr">Require SSL/TLS for returning Consumer and user secrets.</span> <span lang="en" dir="ltr" class="mw-content-ltr">This is required by {{IETF RFC|5849}}, however if a wiki wants to use OAuth, but doesn't support SSL, this option makes this configuration possible.</span> <span lang="en" dir="ltr" class="mw-content-ltr">This should be set to true for most production settings.</span> |- | <code>$wgOAuthSecretKey</code> | {{phpi|$wgSecretKey}} | <span lang="en" dir="ltr" class="mw-content-ltr">A secret configuration string (random 32-bit string generated using "base64_encode(random_bytes(32))") used to hmac the database-stored secret to produce the shared secrets for Consumers.</span> <span lang="en" dir="ltr" class="mw-content-ltr">This provides some protection against an attacker reading the values out of the consumer table (the attacker would also need $wgOAuthSecretKey to generate valid secrets), and some protection against potential weaknesses in the secret generation.</span> <span lang="en" dir="ltr" class="mw-content-ltr">If this string is compromised, the site should generate a new $wgOAuthSecretKey, which will invalidate Consumer authorizations that use HMAC/shared secret signatures instead of public/private keys.</span> <span lang="en" dir="ltr" class="mw-content-ltr">Consumers can regenerate their new shared secret by using the "Reset the secret key to a new value" option under Special:MWOAuthConsumerRegistration/update.</span> <span lang="en" dir="ltr" class="mw-content-ltr">If null, the value is set to $wgSecretKey.</span> |- | <code>$wgOAuthGroupsToNotify</code> | {{phpi|[]}} | <span lang="en" dir="ltr" class="mw-content-ltr">The list of user groups which should be notified about new consumer proposals.</span> <span lang="en" dir="ltr" class="mw-content-ltr">Setting this will only have an effect when {{ll|Extension:Echo|Echo}} is installed.</span> |- | <code>$wgMWOauthDisabledApiModules</code> | {{phpi|[]}} | <span lang="en" dir="ltr" class="mw-content-ltr">List of API module classes to disable when OAuth is used for the request</span> |- | <code>$wgMWOAuthReadOnly</code> | {{phpi|false}} | <span lang="en" dir="ltr" class="mw-content-ltr">Prevent write activity to the database.</span> <span lang="en" dir="ltr" class="mw-content-ltr">When this is set, consumers cannot be added or updated, and new authorizations are prohibited.</span> <span lang="en" dir="ltr" class="mw-content-ltr">Authorization headers for existing authorizations will continue to work.</span> <span lang="en" dir="ltr" class="mw-content-ltr">Useful for migrating database tables</span> |- | <code>$wgMWOAuthSessionCacheType</code> | {{phpi|$wgSessionCacheType}} | <span lang="en" dir="ltr" class="mw-content-ltr">The storage mechanism for session data.</span> <span lang="en" dir="ltr" class="mw-content-ltr">If null, it defaults to $wgSessionCacheType.</span> |- |<code>$wgOAuthAutoApprove</code> |<code>[]</code> |Allows automatic immediate approval of low-risk apps. In the form of <code>[ 'grants' => [ ''<nowiki/>'grant1', 'grant2', ...'' ] ]</code> |- | <code>$wgOAuth2EnabledGrantTypes</code> | <syntaxhighlight lang="php">[ "authorization_code", "refresh_token", "client_credentials" ]</syntaxhighlight> | <span lang="en" dir="ltr" class="mw-content-ltr">List of OAuth2 grants that client applications can be allowed to use.</span> <span lang="en" dir="ltr" class="mw-content-ltr">Actual grants client application will be allowed to use can be any subset of grants listed here.</span> <span lang="en" dir="ltr" class="mw-content-ltr">Grants, other than the ones listed here, are considered legacy grants, and are not supported by this extension</span> |- | <code>$wgOAuth2PrivateKey</code> | {{phpi|""}} | <span lang="en" dir="ltr" class="mw-content-ltr">Private key or a path to the private key used to sign OAuth2 JWT being transmitted.</span> See the [https://oauth2.thephpleague.com/installation/#generating-public-and-private-keys OAuth 2.0 Server documentation] for how to generate the keys. |- | <code>$wgOAuth2PublicKey</code> | {{phpi|""}} | <span lang="en" dir="ltr" class="mw-content-ltr">Public key or a path to the public key used to verify OAuth2 resource requests.</span> |- | <code>$wgOAuth2RequireCodeChallengeForPublicClients</code> | {{phpi|true}} | <span lang="en" dir="ltr" class="mw-content-ltr">Controls whether clients are required to send code challenges with OAuth2 requests.</span> <span lang="en" dir="ltr" class="mw-content-ltr">This only applies to non-confidential clients.</span> |- | <code>$wgOAuth2GrantExpirationInterval</code> | {{phpi|"PT1H"}} <span lang="en" dir="ltr" class="mw-content-ltr">(1 hour)</span> | <span lang="en" dir="ltr" class="mw-content-ltr">Controls validity period for access tokens (stored in the cache configured in MWOAuthSessionCacheType).</span> <span lang="en" dir="ltr" class="mw-content-ltr">Does not apply to owner-only clients, whose access tokens are always non-expiring.</span> <span lang="en" dir="ltr" class="mw-content-ltr">Accepts ISO 8601 durations or can be set to "infinity" or false for non-expiring tokens.</span> |- | <code>$wgOAuth2RefreshTokenTTL</code> | {{phpi|"P1M"}} <span lang="en" dir="ltr" class="mw-content-ltr">(1 month)</span> | <span lang="en" dir="ltr" class="mw-content-ltr">Controls validity period for refresh tokens (stored in the cache configured in MWOAuthSessionCacheType).</span> <span lang="en" dir="ltr" class="mw-content-ltr">Accepts ISO 8601 durations or can be set to "infinity" or false for non-expiring tokens.</span> |} <div lang="en" dir="ltr" class="mw-content-ltr"> === User rights === </div> {| class="wikitable prettytable" !<span lang="en" dir="ltr" class="mw-content-ltr">Right</span> !Deskripsi |- | <code>mwoauthproposeconsumer</code> || {{int|right-mwoauthproposeconsumer}} |- | <code>mwoauthupdateownconsumer</code> || {{int|right-mwoauthupdateownconsumer}} |- | <code>mwoauthmanageconsumer</code> || {{int|right-mwoauthmanageconsumer}} |- | <code>mwoauthsuppress</code> || {{int|right-mwoauthsuppress}} |- | <code>mwoauthviewsuppressed</code> || {{int|right-mwoauthviewsuppressed}} |- | <code>mwoauthviewprivate</code> || {{int|right-mwoauthviewprivate}} |- | <code>mwoauthmanagemygrants</code> || {{int|right-mwoauthmanagemygrants}} |} <div lang="en" dir="ltr" class="mw-content-ltr"> == Endpoints == </div> <div lang="en" dir="ltr" class="mw-content-ltr"> === OAuth 2.0 REST endpoints === </div> <div lang="en" dir="ltr" class="mw-content-ltr"> The following REST endpoints are provided for OAuth 2.0 interaction </div> {| class="wikitable" style="" |+ !<span lang="en" dir="ltr" class="mw-content-ltr">Path</span> !<span lang="en" dir="ltr" class="mw-content-ltr">Description</span> !<span lang="en" dir="ltr" class="mw-content-ltr">Allowed parameters</span> !<span lang="en" dir="ltr" class="mw-content-ltr">Allowed method</span> |- |/oauth2/authorize |<span lang="en" dir="ltr" class="mw-content-ltr">Used for retrieving authorization code when using authorization_code grant.</span> | {| class="wikitable" ! <span lang="en" dir="ltr" class="mw-content-ltr">Name</span> ! <span lang="en" dir="ltr" class="mw-content-ltr">Required?</span> ! <span lang="en" dir="ltr" class="mw-content-ltr">Description</span> |- | response_type || {{yes}} | |- | client_id || {{yes}} | |- | redirect_uri || {{no}} | <span lang="en" dir="ltr" class="mw-content-ltr">if present, must match the URI that was set when client was registered exactly</span> |- | scope || {{no}} | |- | state || {{no}} | |- | code_challenge || {{no}} | <span lang="en" dir="ltr" class="mw-content-ltr">required if <code>$wgOAuth2RequireCodeChallengeForPublicClients</code> is <code>true</code></span> |- | code_challenge_method || {{no}} | <span lang="en" dir="ltr" class="mw-content-ltr">required if <code>$wgOAuth2RequireCodeChallengeForPublicClients</code> is <code>true</code></span> |} |GET |- |/oauth2/access_token |<span lang="en" dir="ltr" class="mw-content-ltr">Used for requesting access tokens</span> | {| class="wikitable" ! <span lang="en" dir="ltr" class="mw-content-ltr">Name</span> ! <span lang="en" dir="ltr" class="mw-content-ltr">Required?</span> ! <span lang="en" dir="ltr" class="mw-content-ltr">Description</span> |- | grant_type || {{yes}} | <span lang="en" dir="ltr" class="mw-content-ltr">type of grant used</span> |- | client_id || {{no}} |- | client_secret || {{no}} | <span lang="en" dir="ltr" class="mw-content-ltr">required if client is <code>confidential</code></span> |- | redirect_uri || {{no}} | <span lang="en" dir="ltr" class="mw-content-ltr">if present, must match the URI that was set when client was registered exactly</span> |- | scope || {{no}} |- | code || {{no}} | <span lang="en" dir="ltr" class="mw-content-ltr">required if <code>authorization_code</code> grant is used</span> |- | refresh_token || {{no}} | <span lang="en" dir="ltr" class="mw-content-ltr">required if <code>refresh_token</code> grant is used</span> |- | code_verifier || {{no}} |} |POST |- |/oauth2/resource/<nowiki>{{type}}</nowiki> |<span lang="en" dir="ltr" class="mw-content-ltr">Used for retrieving protected resources using the access token issued previously.</span> <div lang="en" dir="ltr" class="mw-content-ltr"> Currently, two resource types can be retrieved using this endpoint, by replacing <code><nowiki>{{type}}</nowiki></code> placeholder with the type key: </div> *<code>profile</code> - <span lang="en" dir="ltr" class="mw-content-ltr">retrieve the user profile of the user that is represented by the access token used to make the request - usually used for logging users in on 3rd party websites using MediaWiki</span> *<code>scopes</code> - <span lang="en" dir="ltr" class="mw-content-ltr">retrieve all scopes client (application) is allowed to use with the current access token</span> |<span lang="en" dir="ltr" class="mw-content-ltr">No parameters are allowed, apart from the <code><nowiki>{{type}}</nowiki></code> parameter that is included in the path</span> |GET/POST |- |/oauth2/client |<span lang="en" dir="ltr" class="mw-content-ltr">Lists OAuth 1.0a or 2.0 clients for the logged-in user.</span> <span lang="en" dir="ltr" class="mw-content-ltr">Authentication can be achieved over [[CentralAuth]] or by including an access token in the authorization header.</span> {{Collapse top|title=<span lang="en" dir="ltr" class="mw-content-ltr">Response example</span>}} <syntaxhighlight lang="json"> { "clients": [ { "client_key": "xxxxxxxxxxxxxx", "name": "TestFromCurl1807", "version": "2.0", "email": "admin@example.com", "callback_url": "http://example.com", "scopes": [ "authonly" ], "registration": "20200818230806", "stage": 0, "oauth_version": 2, "description": "foo", "allowed_grants": [ "authorization_code" ], "registration_formatted": "23:08, 18 August 2020" } ], "total": 1 } </syntaxhighlight> {{Collapse bottom}} | * <code>oauth_version</code> <span lang="en" dir="ltr" class="mw-content-ltr">(optional)</span> - <span lang="en" dir="ltr" class="mw-content-ltr">either 1 (to return only OAuth 1.0a clients) or 2 (to return only OAuth 2.0 clients).</span> <span lang="en" dir="ltr" class="mw-content-ltr">Default:</span> 2 * <span lang="en" dir="ltr" class="mw-content-ltr">Pagination parameters</span> ** <code>limit</code> <span lang="en" dir="ltr" class="mw-content-ltr">(optional)</span> - <span lang="en" dir="ltr" class="mw-content-ltr">maximum number of clients to return.</span> <span lang="en" dir="ltr" class="mw-content-ltr">Default:</span> 25 ** <code>offset</code> <span lang="en" dir="ltr" class="mw-content-ltr">(optional)</span> - <span lang="en" dir="ltr" class="mw-content-ltr">number of clients to skip before returning the first result.</span> <span lang="en" dir="ltr" class="mw-content-ltr">Default:</span> 0 |GET |- |/oauth2/client/{client_key}/reset_secret |<span lang="en" dir="ltr" class="mw-content-ltr">Resets a client secret.</span> <span lang="en" dir="ltr" class="mw-content-ltr">For owner-only clients, this endpoint also resets the access token.</span> {{Collapse top|title=<span lang="en" dir="ltr" class="mw-content-ltr">Response example</span>}} <syntaxhighlight lang="json"> { "name": "Example", "client_key": "xxxxxxxxxx", "secret": "xxxxxxxxxx", "access_token": "xxxxxxxxxx" } </syntaxhighlight> {{Collapse bottom}} | {| class="wikitable" ! <span lang="en" dir="ltr" class="mw-content-ltr">Name</span> ! <span lang="en" dir="ltr" class="mw-content-ltr">Required?</span> ! <span lang="en" dir="ltr" class="mw-content-ltr">Description</span> ! <span lang="en" dir="ltr" class="mw-content-ltr">Default</span> |- | <code>client_key</code> || {{yes}} | | <span lang="en" dir="ltr" class="mw-content-ltr">client identifier</span> |- | <code>reason</code> || {{no}} | <span lang="en" dir="ltr" class="mw-content-ltr">string containing the reason for resetting the secret.</span> | <code><nowiki>''</nowiki></code> |} |POST |- |/oauth2/client |<span lang="en" dir="ltr" class="mw-content-ltr">Creates an OAuth 2.0 client.</span> {{Collapse top|title=<span lang="en" dir="ltr" class="mw-content-ltr">Response example</span>}} <syntaxhighlight lang="json"> { "name": "Example", "client_key": "xxxxxxxxxx", "secret": "xxxxxxxxxx", "access_token": "xxxxxxxxxx" } </syntaxhighlight> {{Collapse bottom}} | {| class="wikitable" ! <span lang="en" dir="ltr" class="mw-content-ltr">Name</span> ! <span lang="en" dir="ltr" class="mw-content-ltr">Required?</span> ! <span lang="en" dir="ltr" class="mw-content-ltr">Description</span> ! <span lang="en" dir="ltr" class="mw-content-ltr">Default</span> |- | <code>name</code> || {{yes}} | <span lang="en" dir="ltr" class="mw-content-ltr">client name</span> | |- | <code>description</code> || {{yes}} | <span lang="en" dir="ltr" class="mw-content-ltr">client description</span> | |- | <code>email</code> || {{yes}} | <span lang="en" dir="ltr" class="mw-content-ltr">contact email</span> | |- | <code>is_confidential</code> || {{yes}} | <span lang="en" dir="ltr" class="mw-content-ltr">set to true if the client is confidential; set to false for public clients like mobile and desktop apps</span> | |- | <code>grant_types</code> || {{yes}} | <span lang="en" dir="ltr" class="mw-content-ltr">OAuth 2.0 grant types used by the client, one or more of the following:</span> <code>authorization_code</code>, <code>refresh_token</code>, <code>client_credentials</code> | |- | <code>scopes</code> || {{yes}} | <span lang="en" dir="ltr" class="mw-content-ltr">OAuth 2.0 scopes, either <code>mwoauth-authonly</code>, <code>mwoauth-authonlyprivate</code> or the set of applicable [[meta:Special:ListGrants|grants]]</span> | |- | <code>version</code> || {{no}} | <span lang="en" dir="ltr" class="mw-content-ltr">client version.</span> | 1.0 |- | <code>wiki</code> || {{no}} | <span lang="en" dir="ltr" class="mw-content-ltr">applicable project.</span> | <span lang="en" dir="ltr" class="mw-content-ltr">* for all wikis</span> |- | <code>owner_only</code>|| ? | <span lang="en" dir="ltr" class="mw-content-ltr">set to true for a client used only by the creating user</span> | |- | <code>callback_url</code> || {{no}} | <span lang="en" dir="ltr" class="mw-content-ltr">Return URL for authorizing users.</span> | <code><nowiki>''</nowiki></code> |- | <code>callback_is_prefix</code> || {{no}} | <span lang="en" dir="ltr" class="mw-content-ltr">set to true to allow the client to specify a callback in requests and use the callback URL as a required prefix.</span> | {{phpi|false}} |} |POST |} {{Note|1=<span lang="en" dir="ltr" class="mw-content-ltr">If OAuth credentials are shared over a wiki farm, make sure that real names are used/hidden consistently across all wikis (using {{ll|Manual:$wgHiddenPrefs|$wgHiddenPrefs}}).</span> <span lang="en" dir="ltr" class="mw-content-ltr">On wikis where real names are hidden, the OAuth permission request message that tells the user which information is shared does not mention the real name, so in that case there should not be any other wiki where the OAuth consumer may still get that information from.</span>}} <span id="See_also"></span> == Lihat pula == * {{ll|Extension:OATHAuth}} - <span lang="en" dir="ltr" class="mw-content-ltr">A similarly named extension which implements a second authentication factor using OATH-based one-time passwords.</span> * {{ll|Extension:WSOAuth}} – <span lang="en" dir="ltr" class="mw-content-ltr">A MediaWiki extension that lets your wiki delegate authentication to any OAuth provider using PluggableAuth, including a wiki that is running Extension:OAuth.</span> * {{ll|oauthclient-php}} – <span lang="en" dir="ltr" class="mw-content-ltr">A client library for OAuth consumers.</span> {{OnWikimedia}} {{Used by}} [[Category:LoginFormValidErrorMessages extensions{{#translation:}}]]
Toggle limited content width