MediaWiki Authentication Using Twitter and OAuth

The Dev8D wiki I set up for a recent JISC event uses OAuth to allow people to log in to the wiki using their twitter accounts (or users can register for wiki accounts in the usual way).

As promised in an earlier post, here’s a rough guide to how it was done.

1. Set up MediaWiki

I won’t go into details of how to do this here, but the first step is to download and install a recent release of MediaWiki.

For a new wiki, I’d recommend installation of the reCAPTCHA plugin, to prevent automatic account registrations from spam bots.

I’d also prevent anonymous editing/creation of pages on the wiki, by adding the following lines to the bottom of your LocalSettings.php:

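# Disable anonymous editing and page creation
# (MediaWiki's page-creation rights are 'createpage' and 'createtalk')
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['createpage'] = false;
$wgGroupPermissions['*']['createtalk'] = false;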

2. Create a new table in the MediaWiki database

Create a table named ‘twitter_users’ in your wiki database, with the following fields:

CREATE TABLE IF NOT EXISTS `twitter_users` (
    `user_id` int(10) unsigned NOT NULL,
    `twitter_id` varchar(255) NOT NULL,
    PRIMARY KEY  (`user_id`),
    UNIQUE KEY `twitter_id` (`twitter_id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

Note: If you’re using a prefix for your wiki database tables, this ‘twitter_users’ table will also need the prefix.

This table maps MediaWiki user accounts to twitter user accounts. It’s used to track whether an account on MediaWiki was created using twitter OAuth or not, and ensures only accounts created from twitter can be authenticated against twitter.

Without this, someone could create a twitter account with the same username as a non-twitter based wiki account (such as an admin account), and gain access.
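
The check this table makes possible, as an added sketch (not the code in TwitterAuth.php). An in-memory SQLite database stands in for the wiki database, `wiki_user` is a reduced stand-in for MediaWiki's `user` table, and the function name, rows and ids are constructed for illustration.

```php
<?php
// Added sketch; requires the pdo_sqlite extension. Schema and rows are constructed.
// wiki_user stands in for MediaWiki's user table (only user_id and user_name kept).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE wiki_user (user_id INTEGER PRIMARY KEY, user_name TEXT UNIQUE)');
$db->exec('CREATE TABLE twitter_users (user_id INTEGER PRIMARY KEY, twitter_id TEXT UNIQUE NOT NULL)');
$db->exec("INSERT INTO wiki_user VALUES (1, 'Admin'), (2, 'Alice')"); // Admin registered the usual way
$db->exec("INSERT INTO twitter_users VALUES (2, '1001')");            // Alice was created via twitter

/**
 * Decide which wiki account (if any) a verified twitter identity may use.
 * Returns the wiki user_id, or null when the login must be refused.
 */
function resolveWikiUser(PDO $db, string $twitterId, string $screenName): ?int
{
    // 1. Known twitter account: follow the stored mapping, never the name.
    $q = $db->prepare('SELECT user_id FROM twitter_users WHERE twitter_id = ?');
    $q->execute([$twitterId]);
    $id = $q->fetchColumn();
    if ($id !== false) {
        return (int) $id;
    }
    // 2. No mapping yet. MediaWiki capitalises the first letter of user names by default.
    $name = ucfirst($screenName);
    $q = $db->prepare('SELECT user_id FROM wiki_user WHERE user_name = ?');
    $q->execute([$name]);
    if ($q->fetchColumn() !== false) {
        return null; // the name belongs to an account not created from twitter: refuse
    }
    // 3. Free name: create the account and record that it came from twitter.
    $db->beginTransaction();
    $db->prepare('INSERT INTO wiki_user (user_name) VALUES (?)')->execute([$name]);
    $newId = (int) $db->lastInsertId();
    $db->prepare('INSERT INTO twitter_users VALUES (?, ?)')->execute([$newId, $twitterId]);
    $db->commit();
    return $newId;
}

var_dump(resolveWikiUser($db, '1001', 'alice')); // twitter account with an existing mapping
var_dump(resolveWikiUser($db, '2002', 'admin')); // same name as the wiki-only Admin account
var_dump(resolveWikiUser($db, '3003', 'bob'));   // first login, name not taken
```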

3. Register a new twitter application

Go to http://twitter.com/oauth_clients, and follow the “Register a new application” link.

Fill in the fields as follows:

  • Application Icon: anything you like
  • Application Name: anything you like
  • Description: anything you like
  • Application Website: http://[your wiki base URL]/
  • Organization: anything you like
  • Website: anything you like
  • Application Type: Browser
  • Callback URL: http://[your wiki base URL]/oauth/callback.php
  • Default Access type: Read-only
  • Use Twitter for login: Yes

After submitting the form, you should get a Consumer key, Consumer secret, Request token URL, Access token URL, Authorize URL (make a note of these, or keep the window open somewhere for now).

4. Set up the PHP OAuth library

I used the twitteroauth library for this (.tgz download).

This library requires PHP’s cURL library to be installed (package php5-curl on Ubuntu or other Debian-like systems).

Untar and unzip this into your MediaWiki extensions directory, and rename the directory to ‘oauth’:
cd /[wiki root directory]/extensions
wget http://github.com/abraham/twitteroauth/tarball/0.2.0-beta3
tar xzf abraham-twitteroauth-76446fa.tar.gz
mv abraham-twitteroauth-76446fa oauth

Recommended: Some of the code from this library needs to be accessible from a browser, so I’d recommend symlinking to this directory from the wiki root:
cd /[wiki root directory]/
ln -s extensions/oauth

You don’t have to do this, but it looks a bit neater than having URLs containing your wiki extensions directory.

Edit the config file in the oauth directory:
vi /[wiki root directory]/extensions/oauth/config.php
Set the ‘CONSUMER_KEY’ and ‘CONSUMER_SECRET’ to the values you got when you registered your OAuth application with twitter.
Set the ‘OAUTH_CALLBACK’ to ‘http://[your wiki base URL]/oauth/callback.php’.

To test that everything’s worked so far, visit:
http://[your wiki base URL]/oauth/
and click the button to sign in using twitter.

You should then be taken to a page on twitter.com which asks about allowing the application access to your twitter account. Clicking on the ‘Allow’ button should then redirect you back to:
http://[your wiki base URL]/oauth/index.php

Refresh the page, and you should see all the information twitter has passed back to the application.

5. Set up the wiki to use OAuth

Download TwitterAuth.php, and put it into the extensions directory:
cd /[wiki root directory]/extensions
wget http://github.com/davechallis/misc-scripts/raw/master/TwitterAuth.php

Modify your LocalSettings.php, and add the following lines:

require_once("$IP/extensions/TwitterAuth.php");

global $wgHooks;
$wgHooks['UserLoadFromSession'][] = 'twitter_auth';
$wgHooks['UserLogoutComplete'][] = 'twitter_logout';

Once you’ve added this, and signing in using OAuth worked as in the section above, try navigating to any wiki page. You should now be logged in with your twitter username.

6. Additional Setup

Two last things need adding before we’re done:

6.1 Add a login button to the login page

Make a copy of the original, and then edit:
/[wiki root directory]/includes/templates/Userlogin.php

After the line which reads:

<p id="userloginlink"><?php $this->html('link') ?></p>

add the following lines:

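<?php
// URL-encode the user-supplied page name so it cannot break out of the href attribute
$return = '';
if (isset($_GET['returnto']) && is_string($_GET['returnto'])) {
    $return = '?returnto=' . urlencode($_GET['returnto']);
}
?>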
<p>Or: <a href="http://[wiki base URL]/oauth/redirect.php<?php echo $return;?>">
<img src="/Sign-in-with-Twitter-lighter.png" alt="Sign in with Twitter" /></a></p>

Change the text/image above to anything suitable for your site (twitter has some preferred button images for this).

6.2 Redirect to the correct page after login

Some code needs adding/tweaking so that a user returns to the page they were on after logging in (the code added above for the login button helps with this).

Modify:
/[wiki root directory]/extensions/oauth/callback.php
and change the line near the bottom from:
header('Location: ./index.php');
to:
header('Location: http://[wiki base URL]/index.php/' . $_SESSION['returnto']);

And finally modify:
/[wiki root directory]/extensions/oauth/redirect.php
Underneath the line which reads:
case 200:
add the following:

    if (isset($_GET['returnto'])) {
        $_SESSION['returnto'] = $_GET['returnto'];
    }
    else {
        $_SESSION['returnto'] = '/';
    }
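
The `returnto` value in 6.1 and 6.2 comes straight from the query string, is stored in the session, and ends up in both an `href` and a `Location` header. The following is an added example (not part of twitteroauth or TwitterAuth.php) of validating it once and encoding it for each context; `WIKI_BASE`, the function names and the `Main_Page` fallback are assumptions made for illustration.

```php
<?php
// Added example. WIKI_BASE is a placeholder for "http://[wiki base URL]";
// 'Main_Page' is an assumed fallback title.
const WIKI_BASE = 'http://wiki.example.org';

/** Reduce a user-supplied returnto value to a safe page title, or the fallback. */
function cleanReturnTo($raw): string
{
    $default = 'Main_Page';
    if (!is_string($raw) || $raw === '' || strlen($raw) > 255) {
        return $default;
    }
    // Control characters (including CR/LF), backslashes, and characters MediaWiki forbids in titles.
    if (preg_match('/[\x00-\x1f\x7f\\\\<>\[\]{}|#]/', $raw)) {
        return $default;
    }
    // No empty, "." or ".." path segments, so the URL stays under index.php/.
    foreach (explode('/', $raw) as $segment) {
        if ($segment === '' || $segment === '.' || $segment === '..') {
            return $default;
        }
    }
    return $raw;
}

/** Location header value for callback.php; "/" is kept so subpages still work. */
function returnUrl(string $title): string
{
    return WIKI_BASE . '/index.php/' . implode('/', array_map('rawurlencode', explode('/', $title)));
}

/** href for the login button in Userlogin.php; safe to echo inside an attribute. */
function loginHref($raw): string
{
    $href = WIKI_BASE . '/oauth/redirect.php?returnto=' . rawurlencode(cleanReturnTo($raw));
    return htmlspecialchars($href, ENT_QUOTES, 'UTF-8');
}

// Constructed inputs: a subpage, a value with CR/LF, a traversal attempt, markup.
foreach (['Dev8D/Programme', "Main_Page\r\nX-Test: 1", '../../oauth/config.php', '"><b>'] as $in) {
    echo returnUrl(cleanReturnTo($in)), "\n";
}
echo loginHref('Special:RecentChanges'), "\n";
```

In redirect.php the session value would then be set with `$_SESSION['returnto'] = cleanReturnTo($_GET['returnto'] ?? null);`, and callback.php would send `header('Location: ' . returnUrl($_SESSION['returnto']));`.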

That’s mostly it!  I’ve probably forgotten a few things, and a lot of changes were made at the last minute/during Dev8D, so any fixes/suggestions are welcome.



6 Responses


  1. zoglun says

    http://github.com/davechallis/misc-scripts/raw/master/TwitterAuth.php

    404……

    May you send me a copy? THANK YOU VERY MUCH!!!!!!

  2. Dave Challis says

    Oops, file should be at:

    https://github.com/davechallis/misc-scripts/blob/master/php/TwitterAuth.php

    I’ll edit the blog post to match.

  3. Marc K says

    Can you please submit this extension/instructions to the MediaWiki plug-in community? I’m sure that there are others that would benefit from this without having to track it down via Google.

    Thanks in advance.

  4. David Raison says

    Hi Dave, I wanted to let you know I acted on Marc K’s plea and on our needs and created a fully-fledged extension based on your work: https://secure.wikimedia.org/wikipedia/mediawiki/wiki/Extension:TwitterLogin

    So if you feel like contributing, you’d be more than welcome!

  5. marek says

    Fatal error: Call to undefined method User::SetupSession() in /home/content/19/9001819/html/rtp/extensions/TwitterAuth.php on line 8

    at step 4

Continuing the Discussion

  1. pligg.com linked to this post on May 11, 2010
