On 19/03/13 19:21, Jon Robson wrote:
Chris: On the latest iPhone cookies were not accepted
from iframes
from sites that were not visited. You had to physically visit the site
by following a link or typing the url into the address bar first. We
are currently investigating whether meta refresh etc can help here -
although that's not ideal. For our projects that would result in over
13 redirects - a horrible user experience!!
Correct me if I'm wrong but the 2 problems that CentralAuth solves are
1) Takes away the inconvenience of having to login across multiple sites
Yes.
Typical usecase: you logged in to wikipedia, but then go to Wikimedia
Commons to upload a photo → No need to log in again (this is also
problematic for newbies, as it's counterintuitive).
2) Allows communication between wiki sites via CORS
that require authentication.
We aren't using CORS right now.
I'm guessing openid / oauth will solve #1 ?
Not really. That could solve the "one password for all sites problem",
but as that's done at server level, that would still work. It won't fix
the you are logged in, then you opened another page [from a different
project] and you aren't.
An idea I've banded around to solve #2 would be to
allow wikis to
access other projects via the api.
e.g.
http://en.wikipedia.org/w/api.php?action=query&titles=Photo&project…
would allow a developer to access the page Photos on
wikimedia.commons.org rather than having to resort to a CORS request
(ie. it would route the query to the database for commons rather than
wikipedia)
For api requests that require credentials it would send the
credentials of the current project (in this case wikipedia).
Is that something that is feasible?
We had that in query.php and moved away from it. Feasible, but not going
to happen.
(FWIW I actually dislike that CentralAuth currently
logs me into
various projects that I never use such as wiktiversity...)
But perhaps you do use meta.wikimedia and wikipedia.
Although some preference for which sites you want to be logged in
could help to control the proliferation of sites there.