I'm using the python-social-auth library. As far as I can tell, it only supports OAuth 1.
https://python-social-auth.readthedocs.io/en/latest/backends/mediawiki.html > On Mar 2, 2026, at 12:24 PM, Jonathan Tweed via Wikitech-l > <[email protected]> wrote: > > On Mon, 2 Mar 2026 at 16:52, Roy Smith <[email protected]> wrote: >> >> Why 2.0? All of my OAuth consumers use 1.0a. Will I need to generate new >> consumer keys? > > This is primarily because OAuth 2.0 uses access tokens that are > formatted as JWTs, which we can validate extremely efficiently in > services outside of MediaWiki. That means we can use authentication as > a signal in abuse detection at the CDN without affecting performance, > likewise using it to apply global API rate limits in an API gateway > that sits in front of all MediaWiki instances. > > If tools are running on WMCS, this will exempt you from the limits > even when using OAuth 1.0. > > For tools outside WMCS, OAuth 1.0 consumers will work as long as you > also send cookies as this will include a JWT cookie in the request > that we can validate in place of an OAuth 2.0 access token. > > If neither of these are possible, then yes, it would make sense to > generate new OAuth 2.0 clients. > > Best > Jonathan > _______________________________________________ > Wikitech-l mailing list -- [email protected] > To unsubscribe send an email to [email protected] > https://lists.wikimedia.org/postorius/lists/wikitech-l.lists.wikimedia.org/
_______________________________________________ Wikitech-l mailing list -- [email protected] To unsubscribe send an email to [email protected] https://lists.wikimedia.org/postorius/lists/wikitech-l.lists.wikimedia.org/
