Connect Cocalc by OAuth with MediaWiki (MediaWiki4IntraNet)
(→Install Cocalc) |
|||
Line 82: | Line 82: | ||
Important! Check that key "userinfoURL" exists, because users matching works by email, if this key absent, | Important! Check that key "userinfoURL" exists, because users matching works by email, if this key absent, | ||
all authorized users will be mapped to one user of cocalc. | all authorized users will be mapped to one user of cocalc. | ||
+ | {{wl-publish: 2022-04-08 02:29:45 +0300 | StasFomin }} |
Latest revision as of 02:29, 8 April 2022
- The Idea
CoCalc (my fork) is great service for scientific realtime collaboration (jupyter notebooks, latex editing, PDF articles sharing). But it is not suitable for creating Team Portal/Dashboard, and Team Knowledge Base. Lot of loosely connected projects, impossibility of consistenly linked/renamed pages, … So better to have MediaWiki (MediaWiki4IntraNet) + CoCalc with authorization on the MediaWiki. Additionaly to Content Features, this binging get interesting possibilities to Team Authorization. For example, «extensions/LdapAuthentication» allows MediaWiki authenticate by LDAP, but is is not possible without radical patching, add LDAP Auth to Cocalc.
So, how to do it.
For MediaWiki4IntraNet, install REL1_26 branch of our fork https://github.com/mediawiki4intranet/mediawiki-extensions-OAuth (branch REL1_26 unusable and need patch).
Add this to LocalSettings:
$wgGroupPermissions['user']['mwoauthproposeconsumer'] = true; $wgGroupPermissions['user']['mwoauthupdateownconsumer'] = true; $wgGroupPermissions['user']['mwoauthmanageconsumer'] = true; $wgGroupPermissions['user']['mwoauthsuppress'] = true; $wgGroupPermissions['user']['mwoauthviewsuppressed'] = true; $wgGroupPermissions['user']['mwoauthviewprivate'] = true; $wgGroupPermissions['user']['mwoauthmanagemygrants'] = true;
Register new client
… /Special:OAuthConsumerRegistration/propose
- Record consumer key and secret «You have been assigned a consumer token of xxxx and a secret token of yyyy. Please record these for future reference».
… /Special:OAuthConsumerRegistration/list
… /Special:OAuthManageConsumers
… /Special:OAuthManageConsumers/proposed
… Find appropriate row in table «oauth_register», column «oarc_grants» insert in cell rights:
["authonly", "authonlyprivate"]
- Todo
- Why where is not frontend interface for doing so? May be need patch.
Install Cocalc
- https://github.com/belonesox/cocalc branch «belonesox-stable» or «belonesox-oauth1».
- Go to PostgresQL database «SMC», table «passport_settings»
- add row with «oauth1» key, and value like this
{ "icon": "https://yourwiki.site/img_auth.php/6/6f/ThisWikiLogo.png", "type": "oauth1", "scope": [ "id", "email" ], "public": true, "display": "YourWikiLogin", "login_info": { "emails": "emails[0].value" }, "consumerKey": "xxxxxxxxxxxxx", "userinfoURL": "https://yourwiki.site/index.php?title=Special%3AOAuth%2Fidentify", "accessTokenURL": "https://yourwiki.site/index.php?title=Special%3AOAuth%2Ftoken", "consumerSecret": "yyyyyyyyyyyyy", "requestTokenURL": "https://yourwiki.site/index.php?title=Special%3AOAuth%2Finitiate", "userAuthorizationURL": "https://yourwiki.site/index.php?title=Special%3AOAuth%2Fauthorize" }
Important! Check that key "userinfoURL" exists, because users matching works by email, if this key absent, all authorized users will be mapped to one user of cocalc.