On Thu, Apr 22, 2021 at 3:46 PM Alex Monk <[email protected]> wrote: > > The Wikimania wiki is part of the production cluster so gets privileged > access to the production CentralAuth database. I'm not sure if the prod wikis > can act as an identity provider for other sites to consume > > On Thu, 22 Apr 2021 at 19:27, Denny Vrandečić <[email protected]> > wrote: >> >> I would love to do the same! Can you point me to your configuration? >> >> On Wed, Apr 21, 2021 at 9:03 PM billinghurst <[email protected]> >> wrote: >>> >>> Hi Denny, >>> >>> As a spam defence for Wikimania, we disallowed local account generation, >>> and just leverage WMF's SULs, similarly did the same for wikidata-test to >>> great effect. The one thing that we did was to change the login link to >>> point to somewhere they could create an account. [1] Great success, though >>> not 100% effective against manual spammers, or those that trawl.
I believe that the `wsoauth` role in MediaWiki-Vagrant can do what Denny is looking for. That role provisions <https://www.mediawiki.org/wiki/Extension:WSOAuth> and configures it to use a shared OAuth grant which works for local testing at a "http://dev.wiki.local.wmftest.net"; host (<https://meta.wikimedia.org/wiki/Special:OAuthManageConsumers/20c96d141c4ac5bea4fadd6824f6ebda>). Beyond using `vagrant roles enable wsoauth`, a Cloud VPS hosted MediaWiki-Vagrant wiki would need to apply for a new OAuth grant that contains the callback URL of the hosted wiki (<https://<something>.wmcloud.org/...>) and then add the OAuth key and secret values for the new grant to the local MediaWiki-Vagrant's hiera configuration. This might look something like: $ vagrant role enable wsoauth $ vagrant hiera role::wsoauth::oauth_key "the key for the new grant" $ vagrant hiera role::wsoauth::oauth_secret "the secret for the new grant" $ vagrant provision Bryan -- Bryan Davis Technical Engagement Wikimedia Foundation Principal Software Engineer Boise, ID USA [[m:User:BDavis_(WMF)]] irc: bd808 _______________________________________________ Wikimedia Cloud Services mailing list [email protected] (formerly [email protected]) https://lists.wikimedia.org/mailman/listinfo/cloud
