From bd2a57d4f5e61e36d001242a69ec6484cdad5d4f Mon Sep 17 00:00:00 2001
From: Pieter-Jan Briers <pieterjan.briers+git@gmail.com>
Date: Sat, 10 Feb 2024 13:54:12 +0100
Subject: [PATCH] Example OAuth configuration for MediaWiki

---
 src/en/server-hosting/oauth.md | 38 ++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/src/en/server-hosting/oauth.md b/src/en/server-hosting/oauth.md
index 14c299d50..61be84efd 100644
--- a/src/en/server-hosting/oauth.md
+++ b/src/en/server-hosting/oauth.md
@@ -30,4 +30,42 @@ IdentityServer4 defaults to being somewhat restrictive with what signing algorit
 We can change this manually through the hub-admin panel (see note about dials above), so if this is a problem for you, tell us.
 
 See the following issue: https://github.com/space-wizards/SS14.Web/issues/11
+```
+
+## Example Configuration
+
+### MediaWiki
+
+```admonish bug
+Using MediaWiki currently requires some manual back-end configuration you can't do yourself. Please ask in `#hosting` to have this set up.
+```
+
+You first need to make sure you have the [`PluggableAuth`](https://www.mediawiki.org/wiki/Extension:PluggableAuth) and [`OpenIDConnect`](https://www.mediawiki.org/wiki/Extension:OpenID_Connect) extensions installed. Please refer to MediaWiki's documentation for installing extensions.
+
+Create an OAuth application on our website with the following parameters:
+
+* Application name: Something meaningful for users to recognize.
+* Authorization callback URL: The "`Special:PluggableAuthLogin`" page on your wiki. For example, since the official wiki's main page is `https://wiki.spacestation14.io/wiki/Main_Page`, this would be `https://wiki.spacestation14.io/wiki/Special:PluggableAuthLogin`.
+* Homepage URL: The main page of your wiki. For example `https://wiki.spacestation14.io/wiki/Main_Page`
+* Untick "Require PKCE"
+
+Also generate a client secret and copy it.
+
+Enter the following into your `LocalSettings.php` in your MediaWiki installation and replace the required values:
+
+```php
+wfLoadExtension( 'PluggableAuth' );
+wfLoadExtension( 'OpenIDConnect' );
+
+$wgPluggableAuth_Config[] = [
+        'plugin' => 'OpenIDConnect',
+        'data' => [
+                'providerURL' => 'https://central.spacestation14.io/web/',
+                'clientID' => 'e584f64f-d0f9-4b15-9714-1233bc4c55a4', // Replace with your client ID.
+                'clientsecret' => 'foobar', // Replace with your client secret.
+                'scope' => [ 'profile', 'email' ]
+        ]
+];
+
+$wgOpenIDConnect_MigrateUsersByUserName=true;
 ```
\ No newline at end of file