Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(providers): Add Wikimedia Oauth Provider #4813

Merged
merged 6 commits into from Jul 10, 2022
Merged

feat(providers): Add Wikimedia Oauth Provider #4813

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
440ad37
Add Wikimedia Oauth Provider
mshd Jul 2, 2022
ce48b1f
add docs
mshd Jul 2, 2022
e9ce309
Update wikimedia.md
ndom91 Jul 10, 2022
fc98d84
Update wikimedia.md
ndom91 Jul 10, 2022
096d201
Update wikimedia.md
ndom91 Jul 10, 2022
d68b22d
Merge branch 'main' into wikimedia
mshd Jul 10, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
3 changes: 3 additions & 0 deletions apps/dev/.env.local.example
View file
Open in desktop
Expand Up @@ -50,3 +50,6 @@ DATABASE_URL=
BOXYHQSAML_ISSUER="https://jackson-demo.boxyhq.com"
BOXYHQSAML_ID="tenant=boxyhq.com&product=saml-demo.boxyhq.com"
BOXYHQSAML_SECRET="dummy"

WIKIMEDIA_ID=
WIKIMEDIA_SECRET=
5 changes: 5 additions & 0 deletions apps/dev/pages/api/auth/[...nextauth].ts
View file
Open in desktop
Expand Up @@ -32,6 +32,7 @@ import PatreonProvider from "next-auth/providers/patreon"
import TraktProvider from "next-auth/providers/trakt"
import WorkOSProvider from "next-auth/providers/workos"
import BoxyHQSAMLProvider from "next-auth/providers/boxyhq-saml"
import WikimediaProvider from "next-auth/providers/wikimedia"

// TypeORM
import { TypeORMLegacyAdapter } from "@next-auth/typeorm-legacy-adapter"
Expand Down Expand Up @@ -229,6 +230,10 @@ export const authOptions: NextAuthOptions = {
clientId: process.env.BOXYHQSAML_ID,
clientSecret: process.env.BOXYHQSAML_SECRET,
}),
WikimediaProvider({
clientId: process.env.WIKIMEDIA_ID,
clientSecret: process.env.WIKIMEDIA_SECRET,
}),
],
debug: true,
theme: {
Expand Down
50 changes: 50 additions & 0 deletions docs/docs/providers/wikimedia.md
View file
Open in desktop
@@ -0,0 +1,50 @@
---
id: wikimedia
title: Wikimedia
---

## Documentation

https://www.mediawiki.org/wiki/Extension:OAuth

This provider also supports all Wikimedia projects:

- Wikipedia
- Wikidata
- Wikibooks
- Wiktionary
- etc..

Please be aware that Wikimedia accounts do not have to have an associated email address. So you may want to add check if the user has an email address before allowing them to login.

## Configuration

1. Go to and accept the Consumer Registration doc: https://meta.wikimedia.org/wiki/Special:OAuthConsumerRegistration
2. Request a new OAuth 2.0 consumer to get the `clientId` and `clientSecret`: https://meta.wikimedia.org/wiki/Special:OAuthConsumerRegistration/propose/oauth2
2a. Add the following redirect URL into the console `http://<your-next-app-url>/api/auth/callback/wikimedia`
2b. Do not check the box next to `This consumer is only for [your username]`
2c. Unless you explicitly need a larger scope, feel free to select the radio button labelled `User identity verification only - no ability to read pages or act on the users behalf.`

After registration, you can initally test your application only with your own Wikimedia account. You may have to wait several days for the application to be approved for it to be used by everyone.

## Options

The **Wikimedia Provider** comes with a set of default options:

- [Wikimedia Provider options](https://github.com/nextauthjs/next-auth/blob/main/packages/next-auth/src/providers/wikimedia.ts)

You can override any of the options to suit your own use case.

## Example

```js
import WikimediaProvider from "next-auth/providers/wikimedia";
...
providers: [
WikimediaProvider({
clientId: process.env.WIKIMEDIA_CLIENT_ID,
clientSecret: process.env.WIKIMEDIA_CLIENT_SECRET
})
]
...
```
185 changes: 185 additions & 0 deletions packages/next-auth/src/providers/wikimedia.ts
View file
Open in desktop
@@ -0,0 +1,185 @@
import type { OAuthConfig, OAuthUserConfig } from "."

export type WikimediaGroup =
| "*"
| "user"
| "autoconfirmed"
| "extendedconfirmed"
| "bot"
| "sysop"
| "bureaucrat"
| "steward"
| "accountcreator"
| "import"
| "transwiki"
| "ipblock-exempt"
| "oversight"
| "rollbacker"
| "propertycreator"
| "wikidata-staff"
| "flood"
| "translationadmin"
| "confirmed"
| "flow-bot"
| "checkuser"

export type WikimediaGrant =
| "basic"
| "blockusers"
| "checkuser"
| "createaccount"
| "delete"
| "editinterface"
| "editmycssjs"
| "editmyoptions"
| "editmywatchlist"
| "editpage"
| "editprotected"
| "editsiteconfig"
| "globalblock"
| "highvolume"
| "import"
| "mergehistory"
| "oath"
| "oversight"
| "patrol"
| "privateinfo"
| "protect"
| "rollback"
| "sendemail"
| "shortenurls"
| "uploadfile"
| "viewdeleted"
| "viewmywatchlist"

export type WikimediaRight =
| "abusefilter-log"
| "apihighlimits"
| "applychangetags"
| "autoconfirmed"
| "autopatrol"
| "autoreview"
| "bigdelete"
| "block"
| "blockemail"
| "bot"
| "browsearchive"
| "changetags"
| "checkuser"
| "checkuser-log"
| "createaccount"
| "createpage"
| "createpagemainns"
| "createtalk"
| "delete"
| "delete-redirect"
| "deletedhistory"
| "deletedtext"
| "deletelogentry"
| "deleterevision"
| "edit"
| "edit-legal"
| "editinterface"
| "editmyoptions"
| "editmyusercss"
| "editmyuserjs"
| "editmyuserjson"
| "editmywatchlist"
| "editprotected"
| "editsemiprotected"
| "editsitecss"
| "editsitejs"
| "editsitejson"
| "editusercss"
| "edituserjs"
| "edituserjson"
| "globalblock"
| "import"
| "importupload"
| "ipblock-exempt"
| "item-merge"
| "item-redirect"
| "item-term"
| "markbotedits"
| "massmessage"
| "mergehistory"
| "minoredit"
| "move"
| "move-subpages"
| "movefile"
| "movestable"
| "mwoauth-authonlyprivate"
| "nominornewtalk"
| "noratelimit"
| "nuke"
| "patrol"
| "patrolmarks"
| "property-create"
| "property-term"
| "protect"
| "purge"
| "read"
| "reupload"
| "reupload-own"
| "reupload-shared"
| "rollback"
| "sendemail"
| "skipcaptcha"
| "suppressionlog"
| "tboverride"
| "templateeditor"
| "torunblocked"
| "transcode-reset"
| "translate"
| "undelete"
| "unwatchedpages"
| "upload"
| "upload_by_url"
| "viewmywatchlist"
| "viewsuppressed"
| "writeapi"

export interface WikimediaProfile extends Record<string, any> {
sub: string
username: string
editcount: number
confirmed_email: boolean
blocked: boolean
registered: string
groups: WikimediaGroup[]
rights: WikimediaRight[]
grants: WikimediaGrant[]
realname: string
email: string
}

/**
* Wikimedia OAuth2 provider.
* All Wikimedia wikis are supported. Wikipedia, Wikidata, etc...
*
* (Register)[https://meta.wikimedia.org/wiki/Special:OAuthConsumerRegistration]
* (Documentation)[https://www.mediawiki.org/wiki/Extension:OAuth]
*/
export default function Wikimedia<P extends WikimediaProfile>(
options: OAuthUserConfig<P>
): OAuthConfig<P> {
return {
id: "wikimedia",
name: "Wikimedia",
type: "oauth",
token: "https://meta.wikimedia.org/w/rest.php/oauth2/access_token",
userinfo: "https://meta.wikimedia.org/w/rest.php/oauth2/resource/profile",
authorization: {
url: "https://meta.wikimedia.org/w/rest.php/oauth2/authorize",
params: { scope: "" },
},
profile(profile) {
return {
id: profile.sub,
name: profile.username,
email: profile.email,
}
},
options,
}
}