For real example, I’m working on a MediaWiki authentication extension which integrate DiscourseConnect. And it will be the only login method on my MediaWiki instance.
I have two options(as i know):
Implement a SessionProvider which get user data from DiscourseConnect callback, then set it to MediaWiki session directly.
Implement a PrimaryAuthenticationProvider which also get user data from DiscourseConnect callback, but create its own user in MediaWiki system.
I think the option 1 much look like a SSO implemention, option 2 like
Login With Google.
The only disadvantage of option 1 i know is that i will hard to get out of it, no way i can image how to migrate out and enable local login if no saving any credential to MediaWiki. Maybe i can save the user credential somewhere.
Which option should i choose?.