Have you looked at using OAuth for authentication?
Yes; the modules in use support OAuth but we made a conscious decision to
support anonymity. Lack of anonymity can interfere with the operation of the
reviewer reputation database.
I'd love to read the background discussion that led to that decision.
Here is the pertinent excerpt:
"I would prefer to have text presented to reviewers anonymously. While
we can and do make reputation decisions about particular users,
wikipedia editing is generally pseudonymous with little control over
identity and password security. There are already tools for addressing
user-oriented issues. All of the accuracy review contemplated in the
original assignment assumes that review is anonymous so that reviewers
can not be influenced by, e.g., commercial loyalties or bribery."
Could you identify which part of MediaWiki's OAuth
implementation has
unacceptable problems regarding anonymity?
Let me think about that and respond later, please. Upgrading to do
that might be more configuration than re-coding.
If you are setting high standards/promises in that
regard, your
alternative implementation of user authentication will need to be
extremely carefully written (as will your entire codebase need very
good security auditing).
Hence my request for people to have a look at it. The Python Flask
default login system is being used.