Hi,
I'm completely new to OAuth, so bear with me if my questions are basic or I missed a point ;-) It seems interesting, but seems very oriented for web applications, not so much for desktop applications.
I'm interested in developing this for WPCleaner [1], which is a desktop application. Is the callback URL required ? If so, which one should you use for a desktop application ?
Has anyone implemented the connection to WMF wikis using OAuth under Java ?
For this to work, you request client tokens (including secret key) for the client : do this tokens need to be kept privately ? I'm wondering, because keeping secrets for an open source desktop application is not easy.
Nico
[1] http://en.wikipedia.org/wiki/Wikipedia:WPCleaner
On Wed, Aug 21, 2013 at 6:15 AM, Chris Steipp csteipp@wikimedia.org wrote:
As mentioned earlier this week, we deployed an initial version of the OAuth extension to the test wikis yesterday. I wanted to follow up with a few more details about the extension that we deployed (although if you're just curious about OAuth in general, I recommend starting at oauth.net, or https://www.mediawiki.org/wiki/Auth_systems/OAuth):
get you started towards using OAuth in your application.
- Demo: Anomie setup a excellent initial app (I think counts as our first
official, approved consumer) here https://tools.wmflabs.org/oauth-hello-world/. Feel free to try it out, so you can get a feel for the user experience as a user!
- Timeline: We're hoping to get some use this week, and deploy to the rest
of the WMF wikis next week if we don't encounter any issues.
- Bugs: Please open bugzilla tickets for any issues you find, or
enhancement requests--
https://bugzilla.wikimedia.org/enter_bug.cgi?product=MediaWiki%20extensions&...
And some other details for the curious:
- Yes, you can use this on your own wiki right now! It's meant to be used
in a single or shared environment, so the defaults will work on a standalone wiki. Input and patches are welcome, if you have any issues setting this up on your own wiki.
- TLS: Since a few of you seem to care about https... The extension
currently implements OAuth 1.0a, which is designed to be used without https (except to deliver the shared secret to the app owner, when the app is registered). So calls to the API don't need to use https.
- Logging: All edits are tagged with the consumer's id (CID), so you can
see when OAuth was used to contribute an edit.
Enjoy! _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l