i'm suggesting we replace it completely with OAuth2
authentication against Phabricator. The code in the existing plugin is
fairly complex, and even if we do fix it for this time around it'll
probably create more problems down the line. Considering some of the
problems the current Identity system is causing, we're also
considering replacing LDAP with OAuth2 - potentially hosted by
Phabricator - so moving in this direction now is probably a good idea
for future proofing (I believe the recent versions of phpBB also
support OAuth rather well too, so bonus points there...)
Is there anyone who could help sorting out getting the latest version
of Mediawiki and Phabricator chatting over OAuth2?
Would Phabricator become the master user account manager, replacing
This would be a step in that direction yes. Whether we will actually
take this step in the long run is another thing altogether.
What if we make mediawiki, phabricator, etc. login to identity using
That would require adding OAuth2 Provider, and appropriate API code to
Identity as it stands.
Phabricator already has all of this, so let's leverage it to reduce
our cost of maintenance.