How to use OATHAuth in Mediawiki

Configure OATHAuth

The version of Mediawiki I'm using has OATHAuth preinstalled. To configure your Mediawiki instance to allow users to enable two-factor authentication simply add

wfLoadExtension( 'OATHAuth' );

to the end of the LocalSettings.php file located in the root of the MediwWiki directory. Then restart your HTTP server. In my case I simply run

sudo systemctl restart httpd

Install oathtool

There are a number of OATH clients on the market, but I decided to just install the oathtool command line tool on my Fedora based laptop, by running

sudo dnf install oathtool.x86_64

Apple has the same functionality built into the Passwords app, but as I only login from my Fedora based laptop, it's easier to run a command and copy the output to my clipboard. You do you.

I'm using the Vector 2020 skin, so if your screen looks different, you're likely using a different skin.

Enable 2FA

I created an account called Test2fa to illustrate how to enable Two-Factor Aythentication. After you login with username & password, open your Preferences dialog.

In the User Profile tab of the Preferences dialog, hit the Manage button in the Two-Factor Authentication section.

Next, enable the Time-based One Time Password by hitting the Enable button.

You will be presented with a page of information. This information will never change, and is needed by the oauthtool to generate the 6 digit TOTP.