Enabling social login


#1

Any reason not to enable social login (GitHub at the least)? Given that the primary identifier of a user is their email address, it can’t conflict too badly with Wikipedia OAuth once that gets supported.


#2

What happens if I log in with GitHub, and then later log in with Wikipedia OAuth because I forgot which one I logged in with, but they’re both the same email address? Will it let me use either as a login, or will it tell me I already have an account and not let me use the new method?


#3

Maybe we can enable Phabricator as an OAuth provider, so people can log in here with their Phabriactor accounts? This looks interesting:



#4

As long as the email address is the same, your credentials will be merged.


#5

That would be nice too.


#6

No strong opinion and enabling social logins is technically trivial. However, before enabling any social login here, we need to assure that such social login will be enabled in the production instance.

I wonder, who has a say on this? Ops? Security? Legal? Or am I making things too complicated?

From a social point of view (pun intended), there is also a difference between “internal” authentication like Wikimedia SUL or this Wikimedia Phabricator connector… and third party services like GitHub.

Fun facts, the services that Discourse supports out of the box are GitHub, Google, Yahoo, Twitter, Instagram and Facebook.


#7

Not really; users are identified by email and in the worst case can always use that to do a password reset and the claim the account.

Those all, and probably someone from the product side; also it’s a development task (the third-party auth management in MediaWiki is not so polished). It would be worth it IMO. I don’t think it’s a blocker though.

Depends on the intended audience, but if we want a Q&A/support site for new developers or (especially) reusers, they are much more likely to have a GitHub account than a Wikipedia one.

Adding those would just result in unnecessary controversy, IMO. (Maybe Google less than the others.)


#8

I reckon enabling login with Phab would be great, and perhaps Github too (and what about maybe Stack Exchange?)… the others I sort of think aren’t really necessary. It’s not like it’s that hard to register a email-and-password account here.


#9

Tracking yet another password is a chore; it tends to keep me from registering to places that I am somewhat curious about but not particularly committed to. In fact I would disable username-and-password login here if possible, to make the login/registration page simpler.

Phab login would be good, yeah; and that solves the issue of Wikimedia login as well.


#10

After thinking a bit more… Social logins, the Wikimedia Phabricator login and username-and-password are basically stop gaps for this pilot until Wikimedia SSO is implemented, right? We can expect that someone needing Wikimedia Developer Support will have / will need a Wikimedia account. This is the same assumption that Wikimedia Phabricator has.

If we agree on this premise and we agree that none of these methods to create accounts will make it to production, we are more free to try them out here in the pilot.

Should we just enable GitHub login and see how it goes? I still would like to be sure that @bd808 (Wikimedia Cloud Services) and someone in the Legal team are aware, just in case and out of politeness.

Should we try Discourse Phabricator Connect? For this I would create a… Phabricator task since it requires more coordination.


#11

Depends on what audience you are targeting. If it’s Wikimedia developers (as with Phabricator) then yes, they’ll have a Wikimedia account (and if not, they’ll need it eventually anyway). If it includes third-party MediaWiki users and administrators, and developers using Wikimedia APIs (the kind of people who now ask on StackOverflow), they probably won’t have or need a Wikimedia account, and while creating one is very little time, it’s unnecessary extra friction.

Yes and yes, IMO. There is no drawback to it; if it’s problematic, it can be easily disabled since users are identified via email so we aren’t locked into the registration method.


#12

Yes, I agree, let’s enable both Github and Phabricator login. :slight_smile: Huzza

That’s a good point @tgr about devs not having to have a Wikimedia account. I was rather assuming they would (or would want to, or we’d want to encourage them to at least), but there isn’t really any absolute need.


#13

Alright, time to work then.


#14

Resolved by @Tgr. Thank you! Testers welcome.


#15

That’s great.

@qgil What can I help with Phabricator login?


#16

@bekicot poking us is a good way to help. :smiley:

I have installed your Discourse plugin. The Phabricator part is being discussed at https://phabricator.wikimedia.org/T184987


#17

It would be great to have “Login with Google” as an option on the list… as that’s what I imagine new developers would frequently use to log in to other platforms and it would be great to have that option available.


#18

This is another option that in principle is technically trivial but might deserve some discussion. @aklapper @Tgr @samwilson, any opinions to enable Google login for the pilot? (enabling it in production will be a separate discussion, same as with GitHub).


#19

Same discussions / opinions apply as for any other ‘external’ login API, I’d say?


#20

@aklapper what are those discussions / opinions? Since this is a test pilot that tries to address old problems differently, I think it is fine not to apply automatically any past assumptions.