OAuth: future of user-designed tools

Last month, the OAuth extension was deployed to all Wikimedia wikis. OAuth is a standard used for allowing users to authenticate third-party applications, also known as consumers, to take actions on their behalf.

In the past, tools were forced to use systems like TUSC to authenticate users, or store a separate authentication database like UTRS. Now, these applications can take actions using your account without you having to give them your password. For example, you can use the CropTool tool to crop an image on Commons, and the cropped image will be uploaded using your own account with a tag showing that CropTool was used.

Instructions for getting your application set up to use OAuth can be found on mediawiki.org. Currently Dan Garry, the product manager for OAuth, is approving each application before it can be used. That role will transition over to the Stewards after the guidelines for OAuth consumers, which are currently being drafted, are finalised.

More information:

• OAuth FAQ
• A list of all approved applications
• OAuth guide for developers by Chris Steipp

Not all fixes may have gone live to WMF sites at the time of writing; some may not be scheduled to go live for several weeks.

• Deployments on hold: There are no planned deploys for the week of December 23rd due to holidays.
• Edit visualization tool: Jeph paul has created a tool which visualizes an article's history. More information about the IEG.
• Any updates to a file on Commons will be reflected in pages that use it faster (bug 22390).
• Improvements to Drafts namespace: Steven Walling and Pau Giner published a blog post about what drafts might look like in the future.

← Previous "Technology report"

Next "Technology report" →

In this issue

25 December 2013 (all comments)

Recent research

Featured content

Discussion report

WikiProject report

News and notes

Technology report

+ Add a comment

Discuss this story

These comments are automatically transcluded from this article's talk page. To follow comments, add the page to your watchlist. If your comment has not appeared here, you can try purging the cache.

• OAuth seems like a good excuse for someone to do a complete overhaul of the transfer-files-to-Commons tool Commonshelper. Commonshelpler, which has gone through a number of iterations and had several bots (the bot is what does the upload with the information you provide), has always had a number of rather serious problems. The two largest are that 1) it uses a license whitelist that's not comprehensive, meaning that the tool won't recognize as free, and thus won't transfer, files with uncommon free licenses, and 2) the output that the bot leaves on the Commons page after the upload (upload history and information from Template:Information from the original project) tend to come out either really messy, or plain incomplete. I personally use For the Common Good, which is the only good transfer tool that I know of, but it only works on Microsoft and Linux systems. Considering that there's something on the order of 400,000 images that are freely licensed and are on English Wikipedia, there is a need for a good transfer tool that doesn't require downloading and isn't OS specific. A rewrite of Commonshelper using OAuth would make sense. Sven Manguard Wha? 17:12, 28 December 2013 (UTC)[reply]
• What Sven says, but for Commonist. I keep saying that hosting a java program on some random server, and linking to it from an unprotected page, is a double security risk. --_{Piotr Konieczny aka Prokonsul Piotrus| reply here} 12:18, 1 January 2014 (UTC)[reply]