Connect Cocalc by OAuth with MediaWiki (MediaWiki4IntraNet)
(10 intermediate revisions by the same user not shown) | |||
Line 26: | Line 26: | ||
=== Register new client === | === Register new client === | ||
… /Special:OAuthConsumerRegistration/propose | … /Special:OAuthConsumerRegistration/propose | ||
+ | |||
+ | [[File:Connect Cocalc by OAuth with MediaWiki (MediaWiki4IntraNet)_2022-03-29_18-24-23_image0.png|center|640px]] | ||
+ | |||
+ | * Record consumer key and secret «You have been assigned a consumer token of xxxx and a secret token of yyyy. Please record these for future reference». | ||
+ | |||
+ | … /Special:OAuthConsumerRegistration/list | ||
+ | |||
+ | [[File:Connect Cocalc by OAuth with MediaWiki (MediaWiki4IntraNet)_2022-03-29_21-05-59_image0.png|center|640px]] | ||
+ | |||
+ | |||
+ | … /Special:OAuthManageConsumers | ||
+ | |||
+ | [[File:Connect Cocalc by OAuth with MediaWiki (MediaWiki4IntraNet)_2022-03-29_21-08-04_image0.png||400px]] | ||
+ | |||
+ | … /Special:OAuthManageConsumers/proposed | ||
+ | |||
+ | [[File:Connect Cocalc by OAuth with MediaWiki (MediaWiki4IntraNet)_2022-03-29_21-09-59_image0.png||400px]] | ||
+ | |||
+ | … Find appropriate row in table «oauth_register», column «oarc_grants» insert in cell rights: | ||
+ | <pre> | ||
+ | ["authonly", "authonlyprivate"] | ||
+ | </pre> | ||
+ | |||
+ | ;Todo: Why where is not frontend interface for doing so? May be need patch. | ||
+ | |||
+ | |||
+ | === Install Cocalc === | ||
+ | * https://github.com/belonesox/cocalc branch «belonesox-stable» or «belonesox-oauth1». | ||
+ | * Go to PostgresQL database «SMC», table «passport_settings» | ||
+ | * add row with «oauth1» key, and value like this | ||
+ | |||
+ | |||
+ | <source lang="javascript"> | ||
+ | { | ||
+ | "icon": "https://yourwiki.site/img_auth.php/6/6f/ThisWikiLogo.png", | ||
+ | "type": "oauth1", | ||
+ | "scope": [ | ||
+ | "id", | ||
+ | "email" | ||
+ | ], | ||
+ | "public": true, | ||
+ | "display": "YourWikiLogin", | ||
+ | "login_info": { | ||
+ | "emails": "emails[0].value" | ||
+ | }, | ||
+ | "consumerKey": "xxxxxxxxxxxxx", | ||
+ | "userinfoURL": "https://yourwiki.site/index.php?title=Special%3AOAuth%2Fidentify", | ||
+ | "accessTokenURL": "https://yourwiki.site/index.php?title=Special%3AOAuth%2Ftoken", | ||
+ | "consumerSecret": "yyyyyyyyyyyyy", | ||
+ | "requestTokenURL": "https://yourwiki.site/index.php?title=Special%3AOAuth%2Finitiate", | ||
+ | "userAuthorizationURL": "https://yourwiki.site/index.php?title=Special%3AOAuth%2Fauthorize" | ||
+ | } | ||
+ | </source> | ||
+ | |||
+ | Important! Check that key "userinfoURL" exists, because users matching works by email, if this key absent, | ||
+ | all authorized users will be mapped to one user of cocalc. | ||
+ | {{wl-publish: 2022-04-08 02:29:45 +0300 | StasFomin }} |
Latest revision as of 02:29, 8 April 2022
- The Idea
CoCalc (my fork) is great service for scientific realtime collaboration (jupyter notebooks, latex editing, PDF articles sharing). But it is not suitable for creating Team Portal/Dashboard, and Team Knowledge Base. Lot of loosely connected projects, impossibility of consistenly linked/renamed pages, … So better to have MediaWiki (MediaWiki4IntraNet) + CoCalc with authorization on the MediaWiki. Additionaly to Content Features, this binging get interesting possibilities to Team Authorization. For example, «extensions/LdapAuthentication» allows MediaWiki authenticate by LDAP, but is is not possible without radical patching, add LDAP Auth to Cocalc.
So, how to do it.
For MediaWiki4IntraNet, install REL1_26 branch of our fork https://github.com/mediawiki4intranet/mediawiki-extensions-OAuth (branch REL1_26 unusable and need patch).
Add this to LocalSettings:
$wgGroupPermissions['user']['mwoauthproposeconsumer'] = true; $wgGroupPermissions['user']['mwoauthupdateownconsumer'] = true; $wgGroupPermissions['user']['mwoauthmanageconsumer'] = true; $wgGroupPermissions['user']['mwoauthsuppress'] = true; $wgGroupPermissions['user']['mwoauthviewsuppressed'] = true; $wgGroupPermissions['user']['mwoauthviewprivate'] = true; $wgGroupPermissions['user']['mwoauthmanagemygrants'] = true;
Register new client
… /Special:OAuthConsumerRegistration/propose
- Record consumer key and secret «You have been assigned a consumer token of xxxx and a secret token of yyyy. Please record these for future reference».
… /Special:OAuthConsumerRegistration/list
… /Special:OAuthManageConsumers
… /Special:OAuthManageConsumers/proposed
… Find appropriate row in table «oauth_register», column «oarc_grants» insert in cell rights:
["authonly", "authonlyprivate"]
- Todo
- Why where is not frontend interface for doing so? May be need patch.
Install Cocalc
- https://github.com/belonesox/cocalc branch «belonesox-stable» or «belonesox-oauth1».
- Go to PostgresQL database «SMC», table «passport_settings»
- add row with «oauth1» key, and value like this
{ "icon": "https://yourwiki.site/img_auth.php/6/6f/ThisWikiLogo.png", "type": "oauth1", "scope": [ "id", "email" ], "public": true, "display": "YourWikiLogin", "login_info": { "emails": "emails[0].value" }, "consumerKey": "xxxxxxxxxxxxx", "userinfoURL": "https://yourwiki.site/index.php?title=Special%3AOAuth%2Fidentify", "accessTokenURL": "https://yourwiki.site/index.php?title=Special%3AOAuth%2Ftoken", "consumerSecret": "yyyyyyyyyyyyy", "requestTokenURL": "https://yourwiki.site/index.php?title=Special%3AOAuth%2Finitiate", "userAuthorizationURL": "https://yourwiki.site/index.php?title=Special%3AOAuth%2Fauthorize" }
Important! Check that key "userinfoURL" exists, because users matching works by email, if this key absent, all authorized users will be mapped to one user of cocalc.