Manual:$wgAuthManagerAutoConfig
From mediawiki.org
| Authentication: $wgAuthManagerAutoConfig | |
|---|---|
| Register authentication providers to use with AuthManager |
|
| Introduced in version: | 1.27.0 (Gerrit change 195297; git #d245bd25) |
| Removed in version: | Still in use |
| Allowed values: | see below |
| Default value: | see below |
| Other settings: Alphabetical | By function | |
Extensions need to register their AuthenticationProvider implementations via this setting for AuthManager to pick it up.
Allowed values
[edit ]A hash with three keys, each key a list of ObjectFactory specifications:
[ 'preauth' => [ /* list of pre-authentication providers */ ], 'primaryauth' => [ /* list of primary authentication providers */ ], 'secondaryauth' => [ /* list of secondary authentication providers */ ], ]
Beyond the usual ObjectFactory parameters, a special sort parameter is also recognized; this will determine the effective order of the providers (defaults to 0; smaller first; sorting is stable).
The convention is to use the provider's class name as its array key (as a convenience for site admins wanting to change it; AuthManager ignores array keys).
Example
[edit ]$wgAuthManagerAutoConfig['preauth'] = [ 'MyPreAuthenticationProvider' => [ 'class' => 'MyPreAuthenticationProvider', 'args' => [ 'arg1', 'arg2' ], ], ];
or, if the extension uses extension registration (preferable):
{ //... "AuthManagerAutoConfig":{ "preauth":{ "MyPreAuthenticationProvider":{ "class":"MyPreAuthenticationProvider", "args":["arg1","arg2"] } } }, //... }
This will create a pre-authentication provider object with new MyPreAuthenticationProvider( 'arg1', 'arg2' ), and register it as one of the authentication providers.
Default value
[edit ] MediaWiki version:
≥ 1.43
$wgAuthManagerAutoConfig = [ 'preauth' => [ ThrottlePreAuthenticationProvider::class => [ 'class' => ThrottlePreAuthenticationProvider::class, 'sort' => 0, ], ], 'primaryauth' => [ // TemporaryPasswordPrimaryAuthenticationProvider should come before any other PasswordAuthenticationRequest-based PrimaryAuthenticationProvider (or at least any that might return FAIL rather than ABSTAIN for a wrong password), or password reset won't work right. // Do not remove this (or change the key) or auto-configuration of other such providers in extensions will probably auto-insert themselves in the wrong place. TemporaryPasswordPrimaryAuthenticationProvider::class => [ 'class' => TemporaryPasswordPrimaryAuthenticationProvider::class, 'services' => [ 'DBLoadBalancerFactory', ], 'args' => [ [ // Fall through to LocalPasswordPrimaryAuthenticationProvider 'authoritative' => false, ] ], 'sort' => 0, ], LocalPasswordPrimaryAuthenticationProvider::class => [ 'class' => LocalPasswordPrimaryAuthenticationProvider::class, 'services' => [ 'DBLoadBalancerFactory', ], 'args' => [ [ // Last one should be authoritative, or else the user will get a less-than-helpful error message (something like "supplied authentication info not supported" rather than "wrong password") if it too fails. 'authoritative' => true, ] ], 'sort' => 100, ], ], 'secondaryauth' => [ CheckBlocksSecondaryAuthenticationProvider::class => [ 'class' => CheckBlocksSecondaryAuthenticationProvider::class, 'sort' => 0, ], ResetPasswordSecondaryAuthenticationProvider::class => [ 'class' => ResetPasswordSecondaryAuthenticationProvider::class, 'sort' => 100, ], // Linking during login is experimental, enable at your own risk - T134952 // ConfirmLinkSecondaryAuthenticationProvider::class => [ // 'class' => ConfirmLinkSecondaryAuthenticationProvider::class, // 'sort' => 100, // ], EmailNotificationSecondaryAuthenticationProvider::class => [ 'class' => EmailNotificationSecondaryAuthenticationProvider::class, 'services' => [ 'DBLoadBalancerFactory', ], 'sort' => 200, ], ], ];
MediaWiki versions:
1.41 – 1.42
$wgAuthManagerAutoConfig = [ 'preauth' => [ \MediaWiki\Auth\ThrottlePreAuthenticationProvider::class => [ 'class' => \MediaWiki\Auth\ThrottlePreAuthenticationProvider::class, 'sort' => 0, ], ], 'primaryauth' => [ // TemporaryPasswordPrimaryAuthenticationProvider should come before any other PasswordAuthenticationRequest-based PrimaryAuthenticationProvider (or at least any that might return FAIL rather than ABSTAIN for a wrong password), or password reset won't work right. // Do not remove this (or change the key) or auto-configuration of other such providers in extensions will probably auto-insert themselves in the wrong place. \MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class => [ 'class' => \MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class, 'services' => [ 'DBLoadBalancerFactory', ], 'args' => [ [ // Fall through to LocalPasswordPrimaryAuthenticationProvider 'authoritative' => false, ] ], 'sort' => 0, ], \MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class => [ 'class' => \MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class, 'services' => [ 'DBLoadBalancerFactory', ], 'args' => [ [ // Last one should be authoritative, or else the user will get a less-than-helpful error message (something like "supplied authentication info not supported" rather than "wrong password") if it too fails. 'authoritative' => true, ] ], 'sort' => 100, ], ], 'secondaryauth' => [ \MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class => [ 'class' => \MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class, 'sort' => 0, ], \MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class => [ 'class' => \MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class, 'sort' => 100, ], // Linking during login is experimental, enable at your own risk - T134952 // \MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider::class => [ // 'class' => \MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider::class, // 'sort' => 100, // ], \MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class => [ 'class' => \MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class, 'services' => [ 'DBLoadBalancerFactory', ], 'sort' => 200, ], ], ];
MediaWiki versions:
1.39 – 1.40
$wgAuthManagerAutoConfig = [ 'preauth' => [ \MediaWiki\Auth\ThrottlePreAuthenticationProvider::class => [ 'class' => \MediaWiki\Auth\ThrottlePreAuthenticationProvider::class, 'sort' => 0, ], ], 'primaryauth' => [ // TemporaryPasswordPrimaryAuthenticationProvider should come before // any other PasswordAuthenticationRequest-based // PrimaryAuthenticationProvider (or at least any that might return // FAIL rather than ABSTAIN for a wrong password), or password reset // won't work right. Do not remove this (or change the key) or // auto-configuration of other such providers in extensions will // probably auto-insert themselves in the wrong place. \MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class => [ 'class' => \MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class, 'services' => [ 'DBLoadBalancer', ], 'args' => [ [ // Fall through to LocalPasswordPrimaryAuthenticationProvider 'authoritative' => false, ] ], 'sort' => 0, ], \MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class => [ 'class' => \MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class, 'services' => [ 'DBLoadBalancer', ], 'args' => [ [ // Last one should be authoritative, or else the user will get // a less-than-helpful error message (something like "supplied // authentication info not supported" rather than "wrong // password") if it too fails. 'authoritative' => true, ] ], 'sort' => 100, ], ], 'secondaryauth' => [ \MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class => [ 'class' => \MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class, 'sort' => 0, ], \MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class => [ 'class' => \MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class, 'sort' => 100, ], // Linking during login is experimental, enable at your own risk - T134952 // \MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider::class => [ // 'class' => \MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider::class, // 'sort' => 100, // ], \MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class => [ 'class' => \MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class, 'services' => [ 'DBLoadBalancer', ], 'sort' => 200, ], ], ];
MediaWiki versions:
1.37 – 1.38
$wgAuthManagerAutoConfig = [ 'preauth' => [ MediaWiki\Auth\ThrottlePreAuthenticationProvider::class => [ 'class' => MediaWiki\Auth\ThrottlePreAuthenticationProvider::class, 'sort' => 0, ], ], 'primaryauth' => [ // TemporaryPasswordPrimaryAuthenticationProvider should come before // any other PasswordAuthenticationRequest-based // PrimaryAuthenticationProvider (or at least any that might return // FAIL rather than ABSTAIN for a wrong password), or password reset // won't work right. Do not remove this (or change the key) or // auto-configuration of other such providers in extensions will // probably auto-insert themselves in the wrong place. MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class => [ 'class' => MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class, 'services' => [ 'DBLoadBalancer', ], 'args' => [ [ // Fall through to LocalPasswordPrimaryAuthenticationProvider 'authoritative' => false, ] ], 'sort' => 0, ], MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class => [ 'class' => MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class, 'services' => [ 'DBLoadBalancer', ], 'args' => [ [ // Last one should be authoritative, or else the user will get // a less-than-helpful error message (something like "supplied // authentication info not supported" rather than "wrong // password") if it too fails. 'authoritative' => true, ] ], 'sort' => 100, ], ], 'secondaryauth' => [ MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class => [ 'class' => MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class, 'sort' => 0, ], MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class => [ 'class' => MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class, 'sort' => 100, ], // Linking during login is experimental, enable at your own risk - T134952 // MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider::class => [ // 'class' => MediaWiki\Auth\ConfirmLinkSecondaryAuthenticationProvider::class, // 'sort' => 100, // ], MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class => [ 'class' => MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class, 'services' => [ 'DBLoadBalancer', ], 'sort' => 200, ], ], ];
MediaWiki versions:
1.33 – 1.36
$wgAuthManagerAutoConfig = [ 'preauth' => [ MediaWiki\Auth\ThrottlePreAuthenticationProvider::class => [ 'class' => MediaWiki\Auth\ThrottlePreAuthenticationProvider::class, 'sort' => 0, ], ], 'primaryauth' => [ MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class => [ 'class' => MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class, 'args' => [ [ 'authoritative' => false, ] ], 'sort' => 0, ], MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class => [ 'class' => MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class, 'args' => [ [ 'authoritative' => true, ] ], 'sort' => 100, ], ], 'secondaryauth' => [ MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class => [ 'class' => MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class, 'sort' => 0, ], MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class => [ 'class' => MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class, 'sort' => 100, ], MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class => [ 'class' => MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class, 'sort' => 200, ], ], ];
MediaWiki versions:
1.27 – 1.32
$wgAuthManagerAutoConfig = [ 'preauth' => [ MediaWiki\Auth\LegacyHookPreAuthenticationProvider::class => [ 'class' => MediaWiki\Auth\LegacyHookPreAuthenticationProvider::class, 'sort' => 0, ], MediaWiki\Auth\ThrottlePreAuthenticationProvider::class => [ 'class' => MediaWiki\Auth\ThrottlePreAuthenticationProvider::class, 'sort' => 0, ], ], 'primaryauth' => [ MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class => [ 'class' => MediaWiki\Auth\TemporaryPasswordPrimaryAuthenticationProvider::class, 'args' => [ [ 'authoritative' => false, ] ], 'sort' => 0, ], MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class => [ 'class' => MediaWiki\Auth\LocalPasswordPrimaryAuthenticationProvider::class, 'args' => [ [ 'authoritative' => true, ] ], 'sort' => 100, ], ], 'secondaryauth' => [ MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class => [ 'class' => MediaWiki\Auth\CheckBlocksSecondaryAuthenticationProvider::class, 'sort' => 0, ], MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class => [ 'class' => MediaWiki\Auth\ResetPasswordSecondaryAuthenticationProvider::class, 'sort' => 100, ], MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class => [ 'class' => MediaWiki\Auth\EmailNotificationSecondaryAuthenticationProvider::class, 'sort' => 200, ], ], ];