Connect Cocalc by OAuth with MediaWiki (MediaWiki4IntraNet)

From Wiki4Intranet
Jump to: navigation, search
(Install Cocalc)
 
Line 82: Line 82:
 
Important! Check that key "userinfoURL" exists, because users matching works by email, if this key absent,
 
Important! Check that key "userinfoURL" exists, because users matching works by email, if this key absent,
 
all authorized users will be mapped to one user of cocalc.
 
all authorized users will be mapped to one user of cocalc.
 +
{{wl-publish: 2022-04-08 02:29:45 +0300 | StasFomin }}

Latest revision as of 02:29, 8 April 2022

The Idea

CoCalc (my fork) is great service for scientific realtime collaboration (jupyter notebooks, latex editing, PDF articles sharing). But it is not suitable for creating Team Portal/Dashboard, and Team Knowledge Base. Lot of loosely connected projects, impossibility of consistenly linked/renamed pages, … So better to have MediaWiki (MediaWiki4IntraNet) + CoCalc with authorization on the MediaWiki. Additionaly to Content Features, this binging get interesting possibilities to Team Authorization. For example, «extensions/LdapAuthentication» allows MediaWiki authenticate by LDAP, but is is not possible without radical patching, add LDAP Auth to Cocalc.

So, how to do it.

For MediaWiki4IntraNet, install REL1_26 branch of our fork https://github.com/mediawiki4intranet/mediawiki-extensions-OAuth (branch REL1_26 unusable and need patch).

Add this to LocalSettings:

$wgGroupPermissions['user']['mwoauthproposeconsumer'] = true;
$wgGroupPermissions['user']['mwoauthupdateownconsumer'] = true;
$wgGroupPermissions['user']['mwoauthmanageconsumer'] = true;
$wgGroupPermissions['user']['mwoauthsuppress'] = true;
$wgGroupPermissions['user']['mwoauthviewsuppressed'] = true;
$wgGroupPermissions['user']['mwoauthviewprivate'] = true;
$wgGroupPermissions['user']['mwoauthmanagemygrants'] = true;

Register new client

… /Special:OAuthConsumerRegistration/propose

Connect Cocalc by OAuth with MediaWiki (MediaWiki4IntraNet) 2022-03-29 18-24-23 image0.png
  • Record consumer key and secret «You have been assigned a consumer token of xxxx and a secret token of yyyy. Please record these for future reference».

… /Special:OAuthConsumerRegistration/list

Connect Cocalc by OAuth with MediaWiki (MediaWiki4IntraNet) 2022-03-29 21-05-59 image0.png


… /Special:OAuthManageConsumers

Connect Cocalc by OAuth with MediaWiki (MediaWiki4IntraNet) 2022-03-29 21-08-04 image0.png

… /Special:OAuthManageConsumers/proposed

Connect Cocalc by OAuth with MediaWiki (MediaWiki4IntraNet) 2022-03-29 21-09-59 image0.png

… Find appropriate row in table «oauth_register», column «oarc_grants» insert in cell rights:

["authonly", "authonlyprivate"]
Todo
Why where is not frontend interface for doing so? May be need patch.


Install Cocalc

  • https://github.com/belonesox/cocalc branch «belonesox-stable» or «belonesox-oauth1».
  • Go to PostgresQL database «SMC», table «passport_settings»
  • add row with «oauth1» key, and value like this


{
    "icon": "https://yourwiki.site/img_auth.php/6/6f/ThisWikiLogo.png",
    "type": "oauth1",
    "scope": [
        "id",
        "email"
    ],
    "public": true,
    "display": "YourWikiLogin",
    "login_info": {
        "emails": "emails[0].value"
    },
    "consumerKey": "xxxxxxxxxxxxx",
    "userinfoURL": "https://yourwiki.site/index.php?title=Special%3AOAuth%2Fidentify",
    "accessTokenURL": "https://yourwiki.site/index.php?title=Special%3AOAuth%2Ftoken",
    "consumerSecret": "yyyyyyyyyyyyy",
    "requestTokenURL": "https://yourwiki.site/index.php?title=Special%3AOAuth%2Finitiate",
    "userAuthorizationURL": "https://yourwiki.site/index.php?title=Special%3AOAuth%2Fauthorize"
}

Important! Check that key "userinfoURL" exists, because users matching works by email, if this key absent, all authorized users will be mapped to one user of cocalc.