On 29/07/18 00:35, Gergo Tisza wrote:
On Sat, Jul 28, 2018 at 10:37 AM Sam Wilson sam@samwilson.id.au wrote:
I've been wondering about how this sort of thing would work as well, in the context of a Piwigo plugin that I've been working on for easily uploading photos to Commons (or any MediaWiki site). It seems the easiest way to do it is to get users to register their own personal (owner-only) OAuth consumer (which I think never requires approval?) and then have them enter the consumer token in the app.
I'd say that's the hardest (although it could be made more user-friendly with some effort). See https://phabricator.wikimedia.org/T179519#3727899 for other options.
Good point: I guess I meant "easiest" as in "closest to getting oauth working"! :) But yeah, hardly simple from the user's point of view.
I was thinking that bot passwords are generally discouraged as part of a normal user workflow. I'm probably thinking too strongly though, and it's fine to direct people to Special:BotPasswords. Although, by default it does say "If you don't know why you might want to do this, you should probably not do it." which might be discouraging to some people. Still, easy enough to spell out what's going on before sending people there.
Thanks for the breakdown of the options here. :-)