Extension:PasswordlessLogin

MediaWiki extensions manual

Passwordless Login Release status: experimental
Implementation	User identity
Author(s)	Florian Schmidt (Florianschmidtwelzowtalk)
Latest version	0.0.1
MediaWiki	1.35+
Database changes	Yes
License	MIT License
Download	Download extension Git [?]: Download Git master browse repository (GitHub) commit history repository contributors (GitHub) code review
Parameters $wgPLEnableApiVerification $wgPLFirebaseSenderId $wgPLFirebaseAccessToken
Hooks used AuthChangeFormFields BeforePageDisplay LoadExtensionSchemaUpdates
Quarterly downloads	0
Translate the PasswordlessLogin extension if it is available at translatewiki.net
Issues	Open tasks · Report a bug

The Passwordless Login extension is an experimental extension that was created during the Wikimedia Hackathon 2019 in Prague. It allows an user to login to their user account on a MediaWiki site without entering their password anymore. Instead they can confirm that they want to login with their previously paired smartphone.

The login mechanism can be considered secure as long as the MediaWiki site where the user wants to login is accessible by https only. There's task T224049 which, if implemented, requires the user of https at all.

• Download and move the extracted PasswordlessLogin folder to your extensions/ directory.
  Developers and code contributors should install the extension from Git instead, using:cd extensions/
git clone https://gerrit.wikimedia.org/r/mediawiki/extensions/PasswordlessLogin
• Add the following code at the bottom of your LocalSettings.php file:

  wfLoadExtension( 'PasswordlessLogin' );
  

• Run the update script which will automatically create the necessary database tables that this extension needs.
•  Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.

• PLFirebaseAccessToken: The access token you can retrieve from your Firebase project under the settings. This access token is used to be able to send messages to an Android device to verify the login.

This extension requires a second factor in order to work. There's an Android app, which implements the counterpart of this extension. The app is published on the Google Play Store. However, you can also build it yourself from the sources.

The Android app, which is built from these sources, does not save any personal related information or communicates with any service except the MediaWiki sites you connect this app with. The app will communicate with the Firebase Cloud Messaging service in order to generate a unique ID, with which a single device can be identified. This ID is transmitted to the MediaWiki sites you register within the app and will be saved on the servers hosting this site. The ID is used to create a login prompt when you login on one of the registered MediaWiki sites.