Wikivoyage talk:Single sign-on help
Add topicSingle sign-on with OpenID
[edit]As Wikivoyage has expanded to 11 language versions and 1 shared wiki, having multiple accounts for different wikis has become more and more of an ordeal. In particular, if we're asking users to upload new images only to shared:, it's a pain to ask them to make a whole separate account for that.
For this reason, I've worked on an MediaWiki extension to let Wikivoyage users log into different Wikivoyage wikis with their account on just one wiki. The technology I used for this was OpenID, an open standard for single sign-on between Web sites. OpenID uses URLs instead of usernames and passwords. To log in to an OpenID site, you give your user page URL from your "home" site.
Of course, it's important to be careful with software that logs in users, so I'm going to try to take this slow. My rollout plan for this software is as follows:
- The software is installed on http://wikivoyage.org/review/ . You can log into review: with an OpenID from other sites (like MyOpenID, GetOpenID, TypeKey, or ClaimID). You can also use a user page on review: as an OpenID, like http://wikivoyage.org/review/User:Evan . To log in to review:, go to http://wikivoyage.org/review/Special:OpenIDLogin
- After a day or two, I'll enable the server on the language versions of Wikivoyage, so you can log into review: using an account from other Wikivoyage wiki. You won't be able to log into the main wikis from outside, though.
- After that, I'll enable the client on shared:, but only allow logins from other Wikivoyage sites.
- Enable the client on all Wikivoyage sites, but only allow logins from other Wikivoyage sites.
- Allow logins from other sites.
I've talked to other MediaWiki sites like Wikimedia, Wikia, and Wikihow, and they'd like to set up this extension so that users of all these different projects can log into each others' wikis quickly and easily. If we can do it judiciously, and avoid security bugs, I think that'll be a great way to help all these different projects. I think having our single-signon solution for Wikivoyage become useful for signing onto other sites, too, is really a great thing.
If you want to test out the feature, you can do two things. First, if you want to use an OpenID to log into review:, go to http://wikivoyage.org/review/Special:OpenIDLogin . I recommend using MyOpenID, since as far as I can tell they're the only public service that supports the OpenID Simple Registration Extension 1.0, but it's good to test with the other services, too.
Also, feel free to use a user account on review: to log in to another OpenID-aware Web site. If you have an account on en:, your account on review: has the same username and password. (The database is copied from en: sometime this morning.) You can also create an account on review: if you don't already have one. Then, use the URL of your user page to log in to another OpenID-aware site; see https://www.myopenid.com/directory for some suggestions. (review: IDs are just for testing, and since that site will probably be updated with DBs from other language versions or experimental software, please don't count on those IDs being permanent.) You'll have to answer some questions (whether you want to let the client site use your ID); please answer as you see fit.
I still have some things I want TODO with the code before rolling it out; specifically, making it easier to manage your OpenID preferences. Also, it'd be great to "convert" existing accounts into OpenID accounts, so people like me who have accounts on all 12 Wikivoyage versions can use OpenID to log in to them. More detailed information is in the README. Thanks for your time and attention. --(WT-en) Evan 13:37, 13 July 2006 (EDT)
- I think this is horribly complex from the user's point of view, I do IT for a living and the paragraphs of bafflegab above make it sound like it's easier to stick a fork in my eye than try to understand this. Isn't there any way of doing the right thing(tm), which is that Jpatokal/mysecretpassword would Just Work(tm) on all sites, and logging in on one would log you into all of them? If you want to use OpenID system to implement this in the backend, why not automatically expand "Jpatokal" into eg "http://shared.wikivoyage.org/wiki/User:Jpatokal"? (WT-en) Jpatokal 13:44, 22 July 2006 (EDT)
- OpenID is harder to explain than use. Basically, the only complication is that you must give the site that knows your password permission to let wikivoyage know it's you. But it's just like one or two simple forms you have to fill out in your web browser and then boom you're done. There are two big advantages we get from this:
- En-wikivoyagers will be able to log into the other wikivoyages without creating an account. And xx-wikivoyageers can comment here and sign their names without needing to create yet-another account here.
- Wikipedians who do drive-by editing here will be able to log in without creating a new account, so it's more likely we'll be able to ask questions when needed about their contributions -- because we'll know which Wikipedia talk page to use to prod them about it.
- It'll be easier to understand once Evan has it running on review. -- (WT-en) Colin 14:29, 22 July 2006 (EDT)
- It's been running on review: for a week, actually! Anyways, yes, that's the main gist of the system. Probably a third item would be for people who already have blogs with It's now running on shared:, see wts:Project:Travellers' pub. As to why this way: I want to do single-signon with other wikis anyways, so writing two SSO systems (one for internal, one for external) is kind of a hassle. If following along with my staging process is a head-twister, I completely understand. --(WT-en) Evan 14:46, 22 July 2006 (EDT)
- OpenID is harder to explain than use. Basically, the only complication is that you must give the site that knows your password permission to let wikivoyage know it's you. But it's just like one or two simple forms you have to fill out in your web browser and then boom you're done. There are two big advantages we get from this:
- In the interest of transparency I've tried to throw as much information out there as I can about the rollout of this technology. That's probably a mistake; I should separate the user documentation from the logbook of development info. Let me see if I can explain it more succinctly:
- If you don't have an account on Wikivoyage Shared, go to wts:Special:OpenIDLogin and enter the interwiki name for your user page (like en:User:Jpatokal). You will be logged in automatically.
- If you already have an account on Wikivoyage Shared, and you want to log in with OpenID in the future, log in to that account normally (user name and password), and then go to wts:Special:OpenIDConvert. Enter the interwiki name for your user page. The next time you log in, you can log in with wts:Special:OpenIDLogin instead. --(WT-en) Evan 17:48, 22 July 2006 (EDT)
- I tried logging into Shared as en:User:Jpatokal, but then it says "Your preferred nickname (Jpatokal) is already in use by another user.", presumably because I already have an account on Shared...!? (WT-en) Jpatokal 23:33, 22 July 2006 (EDT)
- Yeah, me too... and when I try to use this converter I just get an error (The OpenID you provided is not allowed to login to this server.)... would be nice to use though! Am I doing something wrong? (WT-en) ::: Cacahuate 02:44, 25 January 2007 (EST)
Translation done
[edit]All MediaWiki database messages related to OpenID on sv: have now been translated and we are ready to be enabled. (WT-en) Riggwelter 08:23, 22 July 2006 (EDT)
- That's great. Right now users with an account on any language version of Wikivoyage can log in to shared: with OpenID. After that seems OK, I'll set it up so people can log into any language version with an account from any other language version. --(WT-en) Evan 13:28, 22 July 2006 (EDT)
Q&A
[edit]What is this?
- Verification error
- An error occured during verification of the OpenID URL.
I'm doing what it says in the howto, trying to join nl:Peirz to en:User:Peirz. If I try the full URL I get a similar error, something about URL verification failing. Sounds like a great feature though. Thanks ! 218.81.155.169 09:24, 10 March 2007 (EST)
- Uh.. anyone ? :| Could the developers please have a look if it's possible to make "An error occured" more descriptive, so I get an idea of what I'm doing wrong ? Thanks... {(WT-en) Peirz 00:01, 19 April 2007 (EDT)}
- I get the same issue too @ http://www.housereview.com/wiki/index.php?title=Special:OpenIDLogin - anyone have an idea about this?
Similar stuff here: "Verification of the OpenID URL was cancelled.", for de:Benutzer:Schoschi as well as for http://de.wikivoyage.org/wiki/Benutzer:Schoschi. --06:47, 17 May 2008 (EDT)