On Sun, Jul 29, 2018 at 12:37 AM rupert THURNER rupert.thurner@gmail.com wrote:
if one takes an example, like https://tools.wmflabs.org/video2commons/, is this implemented like it should? is there any difference from "any" application or applications on the tools server? am looking at the code here currently: https://github.com/toolforge/video2commons/blob/master/video2commons/fronten... the "dologin" method.
Yes, there is a major difference between a web application like the video2commons tool and a device native application like an Android app. That difference is that in a web application secret data can be kept on the web server side that is not visible to the end user. This allows the OAuth application secret to be used in signing requests to the Wikimedia servers without exposing that secret to anyone who is looking at the source code of the web application. This separation is not possible when the application is running on end-user controlled devices as a phone or desktop application does.
Bryan
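
The server-side signing described in the reply above, as an added example that is not part of the thread and not video2commons code. It assumes OAuth 1.0a with HMAC-SHA1 signatures (RFC 5849); the keys, secrets, token, nonce and URL are constructed placeholders.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Constructed sample values; a real consumer secret lives only in server-side config.
CONSUMER_KEY = "example-consumer-key"
CONSUMER_SECRET = "example-consumer-secret"
TOKEN_SECRET = "example-token-secret"
API_URL = "https://wiki.example.org/w/api.php"


def pct(value):
    """RFC 5849 section 3.6 encoding: only unreserved characters stay literal."""
    return quote(str(value), safe="-._~")


def sign(method, url, params, consumer_secret, token_secret):
    """Compute the HMAC-SHA1 oauth_signature over method, URL and all parameters."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base_string = "&".join([method.upper(), pct(url), pct(normalized)])
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def authorization_header(oauth_params, signature):
    """What leaves the server: identifiers and the signature, never the secrets."""
    fields = dict(oauth_params, oauth_signature=signature)
    return "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(fields.items()))


def verify(method, url, params, signature, consumer_secret, token_secret):
    """Receiving side: recompute with the stored secrets, compare in constant time."""
    expected = sign(method, url, params, consumer_secret, token_secret)
    return hmac.compare_digest(expected, signature)


OAUTH_PARAMS = {
    "oauth_consumer_key": CONSUMER_KEY, "oauth_token": "example-access-token",
    "oauth_nonce": "constructed-nonce-01", "oauth_timestamp": "1532822400",
    "oauth_signature_method": "HMAC-SHA1", "oauth_version": "1.0",
}
QUERY = {"action": "query", "meta": "userinfo", "format": "json"}
ALL_PARAMS = {**QUERY, **OAUTH_PARAMS}
SIGNATURE = sign("GET", API_URL, ALL_PARAMS, CONSUMER_SECRET, TOKEN_SECRET)
HEADER = authorization_header(OAUTH_PARAMS, SIGNATURE)
```

Only `HEADER` travels over the wire, so the secret never reaches the browser; a native app would have to ship `CONSUMER_SECRET` inside its binary to compute the same signature.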