How to set up Azure AD Client Credentials Flow with MediaWiki

I am trying to set up a MediaWiki on Azure, and I need OAuth support with the Client Credentials Flow so that a client application can request an access token from Azure AD and then use that access token to call the MediaWiki API to access wiki resources.

I am wondering what steps I can follow in order to have such a setup.

Currently I am thinking of using an Azure Web App to create the MediaWiki and turning on Express Auth mode in AAD for this app. I am not sure whether I still need to configure anything in MediaWiki for validating the access token, or whether any extension is needed.

I also saw some tutorials that create a VM instead of an Azure Web App, but I cannot find any Client Credentials tutorials for MediaWiki.

[Update section below]

I would like to clarify my question a bit more in case I didn't. I would like to configure Azure AD (which is an identity platform) to enable client credentials, so that my client app can get an access token from Azure AD and then use this token to query data directly from the MediaWiki API.

Example:

Step 1: The client sends a POST request to the Azure AD endpoint using client credentials

POST:
https://login.microsoftonline.com/xxxxxx_an_AAD_tenantID_xxxxxxxxxxxx/oauth2/token
 
Headers:
Content-Type: multipart/form-data;
 
Body:
{
    client_id=<New App Registration Client ID>,
    client_secret=<New App Registration Client Secret>,
    grant_type=client_credentials
}
 
Response:
{
    "token_type": "Bearer",
    "expires_in": "xxx",
    "ext_expires_in": "xxx",
    "expires_on": "xxx",
    "not_before": "xxxx",
    "resource": "xxx",
    "access_token": <Access_Token>
}

Step 2: Use the access token from step 1 to query MediaWiki API data

GET:
https://myMediawiki.com/api.php?action=query&meta=siteinfo&siprop=namespaces&format=json
 
Headers:
Authorization: Bearer <Access_Token>

I am wondering how to configure such a MediaWiki in order to accept the access token at MediaWiki.

I understand there are some OAuth extensions, but those extensions seem to act as a whole authorization server. In my case, I would like AAD to act as the authorization server, and AAD will create the authorized client app with the client_id and client_secret used in step 1.

Some references:

0

There are 0 best solutions below
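The question turns on what the API side of step 2 has to check before honouring the bearer token, so here is that check as an added example (not code from the post, from MediaWiki or from any of its extensions). It assumes the access token is an RS256-signed JWT, that the issuer's signing keys are available as a JWKS document, and that the expected issuer and audience are deployment settings; all function names are hypothetical.

```python
import base64, hashlib, hmac, json, time

# ASN.1 DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def emsa_pkcs1_v15(message, k):
    """EMSA-PKCS1-v1_5 encoding of SHA-256(message) for a k-byte modulus."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def rs256_verify(message, sig, jwk):
    """Check an RS256 signature against one RSA key in JWK form."""
    n = int.from_bytes(b64url_decode(jwk["n"]), "big")
    e = int.from_bytes(b64url_decode(jwk["e"]), "big")
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(sig, "big")
    if len(sig) != k or s >= n:
        return False
    return hmac.compare_digest(pow(s, e, n).to_bytes(k, "big"), emsa_pkcs1_v15(message, k))

def validate_token(token, jwks, issuer, audience, now=None):
    """Return the claims of an acceptable token, raise ValueError otherwise.

    jwks: the issuer's published signing keys (fetched and cached by the caller).
    issuer, audience: the values this API expects (assumed deployment settings).
    """
    h64, p64, s64 = token.split(".")  # ValueError unless exactly three parts
    header = json.loads(b64url_decode(h64))
    claims = json.loads(b64url_decode(p64))
    sig = b64url_decode(s64)
    # Pin the algorithm: never let the token choose "none" or an HMAC variant.
    if not isinstance(header, dict) or header.get("alg") != "RS256":
        raise ValueError("unexpected alg")
    jwk = next((key for key in jwks["keys"] if key.get("kid") == header.get("kid")), None)
    if jwk is None or not rs256_verify(f"{h64}.{p64}".encode(), sig, jwk):
        raise ValueError("bad signature")
    # Claims are trusted only from here on, after the signature check.
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    if claims.get("aud") != audience:
        raise ValueError("wrong audience")
    if not claims.get("nbf", 0) <= now < claims.get("exp", 0):
        raise ValueError("outside validity window")
    return claims
```

The audience check is what stops a token that the same tenant issued for a different application from being replayed against the wiki API.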