Enabling social login


#21

I think enable it, sure.

But there could be some auth providers we wouldn’t want to enable. Maybe Twitter and Facebook are rather common login methods, but could perhaps not be seen as relevant here? At least Github is pretty useful for developers, and I guess Google is as well (although less so).


#22

https://phabricator.wikimedia.org/T16
https://phabricator.wikimedia.org/T200
https://phabricator.wikimedia.org/T169007


#23

https://phabricator.wikimedia.org/T16 ended up with https://www.mediawiki.org/wiki/Phabricator/FAQ#Why_can.27t_I_login_using_my_GitHub_or_Google_account.3F\

Why can’t I login using my GitHub or Google account?

Although Phabricator has authentication plugins for GitHub, Google, and other identity providers, we have decided not to use them. With two Wikimedia alternatives that cover virtually all Wikimedia contributors, more options are not really necessary. Besides, these services depend on proprietary third party sites, and they might raise concerns about privacy and commercial interests.

Reading the 2014 discussion one can see how @qgil was a strong defender of this option. :wink: Many others were mildly in favour, to lower the entry barrier. Our Security manager at the time was fine with enabling these logins.

First of all, I am happy to review my own assumptions from 3-4 years back. But also there is the point of Wikimedia Phabricator and Wikimedia Developer Support, targeting not the same audiences, neither the same use cases. In Phabricator (task management, bug reporting) we can expect a majority of users with a Wikimedia SUL account and a longer term use of Phabricator. However, here we can expect more developers with a short term need and no Wikimedia account. Sending them to MediaWiki.org to create an account ust to have their question answered here might be perceived just as too much effort by many people in our target audience.

https://phabricator.wikimedia.org/T200

Here the reasoning was that having Wikimedia SUL account, GitHub login was not needed. The fact is that today we don’t have Wikimedia SUL in this pilot (and we have enabled GitHub login).

https://phabricator.wikimedia.org/T169007
This is basically a repetition of the arguments seen in the two tasks above. They again revolve on the idea that Wikimedia people should have Wikimedia SUL accounts. This space attempts to attract developers who don’t have Wikimedia SUL accounts (yet?) and in any case we don’t have Wikimedia SUL support for Discourse.

For all these reasons, I think keeping GitHub login and enabling GMail at least while Wikimedia SUL arrives, is worthwhile as part of the test pilot.


#24

I would support it but then I might be biased :slight_smile:

Ideally, Wikimedia would allow Google (and maybe GitHub) login, we would use Wikimedia login, and people could do one-click registration on the Wikimedia login page using their Google etc. account. (The benefit would be that every Discourse account is bound to a Wikimedia account and we don’t recreate the same confusion that you can see on IRC where it’s hard to tell whom you are talking to.) In absence of that, allowing those login methods in Discourse sounds reasonable (as long as we ask people to use the same username and email address as in Wikimedia projects).


#25

Alright, who takes this one? https://phabricator.wikimedia.org/T185961


#26

@qgil can you try setting the Phabricator login credentials again?


#27

Ah, yes, I will try after the update.


#28

Wikimedia Phabricator login enabled and it works! https://phabricator.wikimedia.org/T184987#4169146


#29

I have disabled local account creation. Now users can only sign up / log in through Wikimedia Phabricator and GitHub logins.


Promoting this communication channel
#30

Thanks Quim!

Google login is still blocked on lack of privacy policy etc. Given that Legal has not acted on that for months, would it be helpful if we came up with a temporary one? It’s bound to better than our current inaccurate claim that we honor the WMF privacy policy (which will only be true once we use production machines).


#31

I think enabling Google login would be too much?