5/6/2023 0 Comments Keybase wikipedia![]() ![]() A user visits a toolforge-hosted application and 'links' their Wikimedia account via OAuth (e.g.I'm logging this because although a toolforge tool could do this fairly easily, the config stipulates that for a account to be proven, the prefill_url / check_url needs to be on the same (sub)domain (i.e. Going by, the integration steps involve "implementing some product features, a couple API endpoints, and then talking to us." - we all know its never this simple, but Keybase's django example proof integration could be modified and run on toolforge, instead of any changes being considered in MediaWiki. What do we need, and why am I logging this? In fact, a GitHub task has existed since 2014 ( ), with a significant amount of interest shown over the years (with one comment by our resident should be noted that all of these methods (committed identities, PGP keys, Keybase) are not guarantees that a sysadmin will reset the 2FA of an account - as far as I'm aware, it is done at their discretion only ![]() Keybase is easier to set up than a committed identity) and is a service a number of Wikimedians (probably) use. We have a number of methods of proving ownership of a Wikimedia account (namely via " Committed identities" and public key signed messages) - these have been useful for when two-factor authentication has failed (and/or scratch codes forgotten).Īdding Keybase as another potential method of proving ownership lowers the technical boundary (i.e. Keybase is a key directory that maps social media identities to encryption keys in a publicly auditable manner - for example, I am, and I have cryptographic proofs which validate control over the accounts listed there. ![]()
0 Comments
Leave a Reply. |