Hi all,

OAuth support was added to MediaWiki two years ago, and has seen some significant uptake. (In case you are not familiar with it, OAuth[1] is a feature through which users can allow tools to act in limited ways through their account, without giving out their password. See Crosswatch[2] for an example.)

Tools need to be whitelisted to get access to OAuth; this was done by an ad-hoc group of developers, without any explicit rules of what to accept. The plan was always that eventually the community would do it in a self-governing way, similar to how bot requests are handled (except that OAuth tool permissions are managed globally), but no one got around to actually arrange it.

So let's change that! I set up a discussion page on Meta: https://meta.wikimedia.org/wiki/Requests_for_comment/OAuth_handover Your help is needed to turn this into a functioning policy.

Please follow up there to keep the discussion centralized.

[1] https://www.mediawiki.org/wiki/Help:OAuth [2] https://tools.wmflabs.org/crosswatch/