Miraheze OAuth client documentation for Verification Endpoint API

From Recap Time Squad Wiki


Template:Documentation WIP

This page documents how do we implement MediaWiki user account verification ourselves for Miraheze via OAuth2 for both end-users and global wiki administrators regarding our OAuth usage.

How this work?[edit]

We store the Miraheze user association with the Discord or Telegram user connected to our verification index using user IDs instead of usernames, especially in case the user requested an global username change. Due to abuse prevention reasons, you only be able to connect Miraheze account at a time, regardless if you use Discord or Telegram for triggering the request. We'll be working on support for alternative accounts very soon.

Stage 1: Pre-Authentication[edit]

When /link-mh command is triggered, the bot will send you an message via DMs with an special link that you'll be used to connect your MediaWiki user account (in this case, Miraheze), similar to the example below. The authentication code in the state parameter will expire in a hour, so make sure to use the link and complete the authenication process.
https://rtapp-verify-backend.recaptime.autocode.gg/oauth/mediawiki?state=discord_randAuthCode
Once the auth code is expired or used, the server may redirect you to this page telling that the state is invalid.

Stage 2: OAuth consent screen[edit]

After clicking the OAuth link from the bot, the backend server will redirect you to the MediaWiki OAuth2 consent screen where you need to accept the permissions.