From 440ad374ad3242c0d11c696d8275d6631a10b68d Mon Sep 17 00:00:00 2001
From: mshd
Date: Sat, 2 Jul 2022 11:53:27 +0800
Subject: [PATCH 1/5] Add Wikimedia Oauth Provider
---
 apps/dev/.env.local.example | 3 +
 apps/dev/pages/api/auth/[...nextauth].ts | 6 +-
 packages/next-auth/src/providers/wikimedia.ts | 185 ++++++++++++++++++
 3 files changed, 193 insertions(+), 1 deletion(-)
 create mode 100644 packages/next-auth/src/providers/wikimedia.ts
diff --git a/apps/dev/.env.local.example b/apps/dev/.env.local.example
index 109d5a59cb..9f8819002f 100644
--- a/apps/dev/.env.local.example
+++ b/apps/dev/.env.local.example
@@ -50,3 +50,6 @@ DATABASE_URL=
 BOXYHQSAML_ISSUER="https://jackson-demo.boxyhq.com"
 BOXYHQSAML_ID="tenant=boxyhq.com&product=saml-demo.boxyhq.com"
 BOXYHQSAML_SECRET="dummy"
+
+WIKIMEDIA_ID=
+WIKIMEDIA_SECRET=
\ No newline at end of file
diff --git a/apps/dev/pages/api/auth/[...nextauth].ts b/apps/dev/pages/api/auth/[...nextauth].ts
index 041ac8450c..833cb380d4 100644
--- a/apps/dev/pages/api/auth/[...nextauth].ts
+++ b/apps/dev/pages/api/auth/[...nextauth].ts
@@ -31,7 +31,7 @@ import PatreonProvider from "next-auth/providers/patreon"
 import TraktProvider from "next-auth/providers/trakt"
 import WorkOSProvider from "next-auth/providers/workos"
 import BoxyHQSAMLProvider from "next-auth/providers/boxyhq-saml"
-
+import WikimediaProvider from "next-auth/providers/wikimedia"
 // import { PrismaAdapter } from "@next-auth/prisma-adapter"
 // import { PrismaClient } from "@prisma/client"
 // const prisma = new PrismaClient()
@@ -206,6 +206,10 @@ export const authOptions: NextAuthOptions = {
 clientId: process.env.BOXYHQSAML_ID,
 clientSecret: process.env.BOXYHQSAML_SECRET,
 }),
+ WikimediaProvider({
+ clientId: process.env.WIKIMEDIA_ID,
+ clientSecret: process.env.WIKIMEDIA_SECRET,
+ }),
 ],
 debug: true,
 theme: {
diff --git a/packages/next-auth/src/providers/wikimedia.ts b/packages/next-auth/src/providers/wikimedia.ts
new file mode 100644
index 0000000000..4e017c0c44
--- /dev/null
+++ b/packages/next-auth/src/providers/wikimedia.ts
@@ -0,0 +1,185 @@
+import type { OAuthConfig, OAuthUserConfig } from "."
+
+export type WikimediaGroup =
+ | "*"
+ | "user"
+ | "autoconfirmed"
+ | "extendedconfirmed"
+ | "bot"
+ | "sysop"
+ | "bureaucrat"
+ | "steward"
+ | "accountcreator"
+ | "import"
+ | "transwiki"
+ | "ipblock-exempt"
+ | "oversight"
+ | "rollbacker"
+ | "propertycreator"
+ | "wikidata-staff"
+ | "flood"
+ | "translationadmin"
+ | "confirmed"
+ | "flow-bot"
+ | "checkuser"
+
+export type WikimediaGrant =
+ | "basic"
+ | "blockusers"
+ | "checkuser"
+ | "createaccount"
+ | "delete"
+ | "editinterface"
+ | "editmycssjs"
+ | "editmyoptions"
+ | "editmywatchlist"
+ | "editpage"
+ | "editprotected"
+ | "editsiteconfig"
+ | "globalblock"
+ | "highvolume"
+ | "import"
+ | "mergehistory"
+ | "oath"
+ | "oversight"
+ | "patrol"
+ | "privateinfo"
+ | "protect"
+ | "rollback"
+ | "sendemail"
+ | "shortenurls"
+ | "uploadfile"
+ | "viewdeleted"
+ | "viewmywatchlist"
+
+export type WikimediaRight =
+ | "abusefilter-log"
+ | "apihighlimits"
+ | "applychangetags"
+ | "autoconfirmed"
+ | "autopatrol"
+ | "autoreview"
+ | "bigdelete"
+ | "block"
+ | "blockemail"
+ | "bot"
+ | "browsearchive"
+ | "changetags"
+ | "checkuser"
+ | "checkuser-log"
+ | "createaccount"
+ | "createpage"
+ | "createpagemainns"
+ | "createtalk"
+ | "delete"
+ | "delete-redirect"
+ | "deletedhistory"
+ | "deletedtext"
+ | "deletelogentry"
+ | "deleterevision"
+ | "edit"
+ | "edit-legal"
+ | "editinterface"
+ | "editmyoptions"
+ | "editmyusercss"
+ | "editmyuserjs"
+ | "editmyuserjson"
+ | "editmywatchlist"
+ | "editprotected"
+ | "editsemiprotected"
+ | "editsitecss"
+ | "editsitejs"
+ | "editsitejson"
+ | "editusercss"
+ | "edituserjs"
+ | "edituserjson"
+ | "globalblock"
+ | "import"
+ | "importupload"
+ | "ipblock-exempt"
+ | "item-merge"
+ | "item-redirect"
+ | "item-term"
+ | "markbotedits"
+ | "massmessage"
+ | "mergehistory"
+ | "minoredit"
+ | "move"
+ | "move-subpages"
+ | "movefile"
+ | "movestable"
+ | 
"mwoauth-authonlyprivate"
+ | "nominornewtalk"
+ | "noratelimit"
+ | "nuke"
+ | "patrol"
+ | "patrolmarks"
+ | "property-create"
+ | "property-term"
+ | "protect"
+ | "purge"
+ | "read"
+ | "reupload"
+ | "reupload-own"
+ | "reupload-shared"
+ | "rollback"
+ | "sendemail"
+ | "skipcaptcha"
+ | "suppressionlog"
+ | "tboverride"
+ | "templateeditor"
+ | "torunblocked"
+ | "transcode-reset"
+ | "translate"
+ | "undelete"
+ | "unwatchedpages"
+ | "upload"
+ | "upload_by_url"
+ | "viewmywatchlist"
+ | "viewsuppressed"
+ | "writeapi"
+
+export interface WikimediaProfile extends Record {
+ sub: string
+ username: string
+ editcount: number
+ confirmed_email: boolean
+ blocked: boolean
+ registered: string
+ groups: WikimediaGroup[]
+ rights: WikimediaRight[]
+ grants: WikimediaGrant[]
+ realname: string
+ email: string
+}
+
+/**
+ * Wikimedia OAuth2 provider.
+ * All Wikimedia wikis are supported. Wikipedia, Wikidata, etc...
+ *
+ * (Register)[https://meta.wikimedia.org/wiki/Special:OAuthConsumerRegistration]
+ * (Documentation)[https://www.mediawiki.org/wiki/Extension:OAuth]
+ */
+export default function Wikimedia

(
+ options: OAuthUserConfig

+): OAuthConfig

{
+ return {
+ id: "wikimedia",
+ name: "Wikimedia",
+ type: "oauth",
+ token: "https://meta.wikimedia.org/w/rest.php/oauth2/access_token",
+ userinfo: "https://meta.wikimedia.org/w/rest.php/oauth2/resource/profile",
+ authorization: {
+ url: "https://meta.wikimedia.org/w/rest.php/oauth2/authorize",
+ params: { scope: "" },
+ },
+ profile(profile) {
+ return {
+ id: profile.sub,
+ name: profile.username,
+ email: profile.email,
+ }
+ },
+ options,
+ }
+}
From ce48b1f68d104ed899cf34be5a2ce4b7d0e5a8db Mon Sep 17 00:00:00 2001
From: mshd
Date: Sat, 2 Jul 2022 12:13:58 +0800
Subject: [PATCH 2/5] add docs
---
 docs/docs/providers/wikimedia.md | 48 ++++++++++++++++++++++++++++++++
 1 file changed, 48 insertions(+)
 create mode 100644 docs/docs/providers/wikimedia.md
diff --git a/docs/docs/providers/wikimedia.md b/docs/docs/providers/wikimedia.md
new file mode 100644
index 0000000000..5b14eeae93
--- /dev/null
+++ b/docs/docs/providers/wikimedia.md
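Review bot: In packages/next-auth/src/providers/wikimedia.ts, `profile()` copies `profile.email` into the user record without looking at `confirmed_email`, although `WikimediaProfile` declares that flag and the accompanying docs say a Wikimedia account need not have an email address at all. An application that keys accounts or authorization decisions on the email would then be relying on an address the wiki may not have verified; consider `email: profile.confirmed_email ? profile.email : null,` and declaring the field as `email?: string` so callers have to handle its absence. The empty `params: { scope: "" }` would also benefit from a one-line comment stating that the granted rights are fixed at consumer registration rather than requested here, if that is the intent.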
@@ -0,0 +1,48 @@
+---
+id: wikimedia
+title: Wikimedia
+---
+
+## Documentation
+
+https://www.mediawiki.org/wiki/Extension:OAuth
+
+This provider also supports all Wikimedia projects:
+
+- Wikipedia
+- Wikidata
+- Wikibooks
+- Wiktionary
+- etc..
+
+Please be aware that Wikimedia accounts do not have to have an associated email address. So you may want to add check if the user has an email address before allowing them to login.
+
+## Configuration
+
+https://meta.wikimedia.org/wiki/Special:OAuthConsumerRegistration
+
+After registration, you can initally test your application only with your Wikimedia account, but you may have to wait several days for the application to be approved for it to be used by everyone.
+
+Add the following redirect URL into the console `http:///api/auth/callback/wikimedia`
+
+## Options
+
+The **Wikimedia Provider** comes with a set of default options:
+
+- [Wikimedia Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/wikimedia.ts)
+
+You can override any of the options to suit your own use case.
+
+## Example
+
+```js
+import WikimediaProvider from "next-auth/providers/wikimedia";
+...
+providers: [
+ WikimediaProvider({
+ clientId: process.env.WIKIMEDIA_CLIENT_ID,
+ clientSecret: process.env.WIKIMEDIA_CLIENT_SECRET
+ })
+]
+...
+```
From e9ce3090ca11e2083401b58a71eb4e675b5f1fc4 Mon Sep 17 00:00:00 2001
From: Nico Domino
Date: Sun, 10 Jul 2022 13:41:16 +0200
Subject: [PATCH 3/5] Update wikimedia.md
---
 docs/docs/providers/wikimedia.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/docs/docs/providers/wikimedia.md b/docs/docs/providers/wikimedia.md
index 5b14eeae93..fc5d839fe1 100644
--- a/docs/docs/providers/wikimedia.md
+++ b/docs/docs/providers/wikimedia.md
@@ -19,7 +19,8 @@ Please be aware that Wikimedia accounts do not have to have an associated email

 ## Configuration

-https://meta.wikimedia.org/wiki/Special:OAuthConsumerRegistration
+1. Go to and accept the Consumer Registration doc: https://meta.wikimedia.org/wiki/Special:OAuthConsumerRegistration
+2. Request a new OAuth 2.0 consumer to get the `clientId` and `clientSecret`: https://meta.wikimedia.org/wiki/Special:OAuthConsumerRegistration/propose/oauth2

 After registration, you can initally test your application only with your Wikimedia account, but you may have to wait several days for the application to be approved for it to be used by everyone.

From fc98d84185d4ebc8c447003f21956be0eb97f5ca Mon Sep 17 00:00:00 2001
From: Nico Domino
Date: Sun, 10 Jul 2022 13:46:55 +0200
Subject: [PATCH 4/5] Update wikimedia.md
---
 docs/docs/providers/wikimedia.md | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/docs/docs/providers/wikimedia.md b/docs/docs/providers/wikimedia.md
index fc5d839fe1..2769c653ff 100644
--- a/docs/docs/providers/wikimedia.md
+++ b/docs/docs/providers/wikimedia.md
@@ -21,6 +21,8 @@ Please be aware that Wikimedia accounts do not have to have an associated email

 1. Go to and accept the Consumer Registration doc: https://meta.wikimedia.org/wiki/Special:OAuthConsumerRegistration
 2. Request a new OAuth 2.0 consumer to get the `clientId` and `clientSecret`: https://meta.wikimedia.org/wiki/Special:OAuthConsumerRegistration/propose/oauth2
+ 2a. Do not check the box next to `This consumer is only for [your username]`
+ 2b. Unless you explicitly need a larger scope, feel free to select the radio button labelled `User identity verification only - no ability to read pages or act on the users behalf.`

 After registration, you can initally test your application only with your Wikimedia account, but you may have to wait several days for the application to be approved for it to be used by everyone.
From 096d201c4b2300711a7f1ab2f1ecdb0e6023421b Mon Sep 17 00:00:00 2001
From: Nico Domino
Date: Sun, 10 Jul 2022 13:48:20 +0200
Subject: [PATCH 5/5] Update wikimedia.md
---
 docs/docs/providers/wikimedia.md | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/docs/docs/providers/wikimedia.md b/docs/docs/providers/wikimedia.md
index 2769c653ff..47d3f2533e 100644
--- a/docs/docs/providers/wikimedia.md
+++ b/docs/docs/providers/wikimedia.md
@@ -21,12 +21,11 @@ Please be aware that Wikimedia accounts do not have to have an associated email

 1. Go to and accept the Consumer Registration doc: https://meta.wikimedia.org/wiki/Special:OAuthConsumerRegistration
 2. Request a new OAuth 2.0 consumer to get the `clientId` and `clientSecret`: https://meta.wikimedia.org/wiki/Special:OAuthConsumerRegistration/propose/oauth2
- 2a. Do not check the box next to `This consumer is only for [your username]`
- 2b. Unless you explicitly need a larger scope, feel free to select the radio button labelled `User identity verification only - no ability to read pages or act on the users behalf.`
+ 2a. Add the following redirect URL into the console `http:///api/auth/callback/wikimedia`
+ 2b. Do not check the box next to `This consumer is only for [your username]`
+ 2c. Unless you explicitly need a larger scope, feel free to select the radio button labelled `User identity verification only - no ability to read pages or act on the users behalf.`

-After registration, you can initally test your application only with your Wikimedia account, but you may have to wait several days for the application to be approved for it to be used by everyone.
-
-Add the following redirect URL into the console `http:///api/auth/callback/wikimedia`
+After registration, you can initally test your application only with your own Wikimedia account. You may have to wait several days for the application to be approved for it to be used by everyone.

 ## Options