RestAuth (MediaWiki Extension)

Aus Free Software
Zur Navigation springen Zur Suche springen
Manual on MediaWiki Extensions
List of MediaWiki Extensions
Crystal Clear action run.png

Release status: stable

Implementation User identity, User rights
Description This allows MediaWiki to authenticate against the RestAuth shared authentication service.
Author(s) Mathias Ertl (Mati talk)
Version 0.9 (2011-03-16)
MediaWiki 1.16.3 or later
License GPL v3 or any later version.
Download see Download
Parameters $wgRestAuthHost, $wgRestAuthService, $wgRestAuthServicePassword, $wgRestAuthRefresh, $wgRestAuthGlobalOptions, $wgRestAuthIgnoredOptions
Example see Example
Hooks used


The RestAuth MediaWiki extension integrates MediaWiki with the RestAuth project. It uses all features of the RestAuth protocol (authentication, authorization and preferences).


The source code of this extension was hosted on, a project no longer maintained. Since this extension was so old, the git repository was not transfered to any other repository and the source code is no longer available.

Installation & Configuration

After downloading the extension, you need to include RestAuth.php in your LocalSettings.php file and set a few required settings:

require_once( "$IP/extensions/RestAuth/RestAuth.php" );

# RestAuth service details:
$wgRestAuthHost = '';
$wgRestAuthService = '';
$wgRestAuthServicePassword = 'random-password';

# Needs to be *after* the settings above:
$wgAuth = new RestAuthPlugin();

# Optional Settings:

# How often do you want to update settings from the shared authentication server:
#$wgRestAuthRefresh = 360;

# You can add MediaWiki settings here so they are saved as global option and may be used by other systems. By default, language, real name, email and email_confirmed are synchronized to global settings:
#$wgRestAuthGlobalOptions['some setting'] = true;

# If you want the plugin to completely ignore some settings, you can add them here. By default, only the watchlist token is ignored.
#$wgRestAuthIgnoredOptions[] = 'ignored setting';
MediaWiki 1.16.2 or earlier

MediaWiki 1.16.2 or earlier does not have the Hooks required to synchronize local groups to the RestAuth service. Please apply the patch included in the 1.16.0 branch. You can also fetch the patch directly.

Migrating old Wikis

Configure RestAuth server

The RestAuth server needs to know about each wiki using it. You can share the servicename and password among several wikis, but in order to improve logging and security, it is recommended, to configure individual servicenames and passwords for each wiki.

The exact details of the configuration depend on the server implementation, but since there currently is only one, here are instructions on how to add a service. The example below assumes that your wiki runs on and connects to the authentication server on

# add service to authentication server
root@auth ~ # restauth-service add
password: <enter password here>
confirm: <confirm>
# add standard groups:
root@auth ~ # restauth-groups add sysop
root@auth ~ # restauth-groups add bureaucrat
# every bureaucrat is automatically a sysop:
root@auth ~ # restauth-groups add-group bureaucrat sysop 
# jane is a bureaucrat and thus (see above) automatically a sysop:
root@auth ~ # restauth-groups add-user bureaucrat jane
# joe is 'only' a sysop:
root@auth ~ # restauth-groups add-user sysop joe

How synchronization works


If the user sets a new password in MediaWiki, the new passwords is sent immediately to the RestAuth server. This means that the change takes immediate effect in all services that use RestAuth (unless the other service uses some sort of cache on its own). This also means that it is impossible to login if the RestAuth server is not available.

Groups & Preferences

Groups and Preferences are refreshed upon login, when viewing Special:Preferences or five minutes after the last refresh. The latter interval can be configured using $wgRestAuthRefresh.


This Wiki is one of the Wikis that uses our own RestAuth server. Feel free to create an account here and then log in at, for example,

Try updating preferences in this Wiki (try setting real name, email address or column width). All your preferences and groups are saved on the RestAuth server. The MediaWiki plugin updates preferences every five minutes by default (see $wgRestAuthRefresh above), so it will take a little while for your preferences to become visible in another wiki. If you logout and login again or view the preferences page, all your settings are immediately synchronized.


  • first version documented here.


  • Nothing on the ToDo pile right now.


GPL v3 or any later version.