The Signpost

Technology report

OAuth: future of user-designed tools

Contribute  —  
Share this
By Legoktm
Interface a user sees when granting permission for an application to access their account

Last month, the OAuth extension was deployed to all Wikimedia wikis. OAuth is a standard used for allowing users to authenticate third-party applications, also known as consumers, to take actions on their behalf.

In the past, tools were forced to use systems like TUSC to authenticate users, or store a separate authentication database like UTRS. Now, these applications can take actions using your account without you having to give them your password. For example, you can use the CropTool tool to crop an image on Commons, and the cropped image will be uploaded using your own account with a tag showing that CropTool was used.

Instructions for getting your application set up to use OAuth can be found on mediawiki.org. Currently Dan Garry, the product manager for OAuth, is approving each application before it can be used. That role will transition over to the Stewards after the guidelines for OAuth consumers, which are currently being drafted, are finalised.

More information:

In brief

Not all fixes may have gone live to WMF sites at the time of writing; some may not be scheduled to go live for several weeks.

+ Add a comment

Discuss this story

These comments are automatically transcluded from this article's talk page. To follow comments, add the page to your watchlist. If your comment has not appeared here, you can try purging the cache.
  • OAuth seems like a good excuse for someone to do a complete overhaul of the transfer-files-to-Commons tool Commonshelper. Commonshelpler, which has gone through a number of iterations and had several bots (the bot is what does the upload with the information you provide), has always had a number of rather serious problems. The two largest are that 1) it uses a license whitelist that's not comprehensive, meaning that the tool won't recognize as free, and thus won't transfer, files with uncommon free licenses, and 2) the output that the bot leaves on the Commons page after the upload (upload history and information from Template:Information from the original project) tend to come out either really messy, or plain incomplete. I personally use For the Common Good, which is the only good transfer tool that I know of, but it only works on Microsoft and Linux systems. Considering that there's something on the order of 400,000 images that are freely licensed and are on English Wikipedia, there is a need for a good transfer tool that doesn't require downloading and isn't OS specific. A rewrite of Commonshelper using OAuth would make sense. Sven Manguard Wha? 17:12, 28 December 2013 (UTC)[reply]
  • What Sven says, but for Commonist. I keep saying that hosting a java program on some random server, and linking to it from an unprotected page, is a double security risk. --Piotr Konieczny aka Prokonsul Piotrus| reply here 12:18, 1 January 2014 (UTC)[reply]



       

The Signpost · written by many · served by Sinepost V0.9 · 🄯 CC-BY-SA 4.0