Hi all,
OAuth support was added to MediaWiki two years ago, and has seen some
significant uptake.
(In case you are not familiar with it, OAuth[1] is a feature through which
users can allow tools to act in limited ways through their account, without
giving out their password. See Crosswatch[2] for an example.)
Tools need to be whitelisted to get access to OAuth; this was done by an
ad-hoc group of developers, without any explicit rules of what to accept.
The plan was always that eventually the community would do it in a
self-governing way, similar to how bot requests are handled (except that
OAuth tool permissions are managed globally), but no one got around to
actually arrange it.
So let's change that! I set up a discussion page on Meta:
https://meta.wikimedia.org/wiki/Requests_for_comment/OAuth_handover
Your help is needed to turn this into a functioning policy.
Please follow up there to keep the discussion centralized.
[1]
https://www.mediawiki.org/wiki/Help:OAuth
[2]
https://tools.wmflabs.org/crosswatch/