[Labs-l] OAuth is here!

Brad Jorsch (Anomie) bjorsch at wikimedia.org
Sun Nov 24 20:02:40 UTC 2013


On Fri, Nov 22, 2013 at 10:17 PM, Mahmoud Hashemi
<mahmoudrhashemi at gmail.com> wrote:
> It's awesome, and works well in my development tests, but approvals take
> longer than I would hope (example).

Right now, there are only a handful of people who have the ability to
approve requests. The plan is to change the "central" wiki for OAuth
to Meta instead of mediawiki.org, and at the same time turn this
permission over to the community to manage. See bug 57336[1] for
details.

 [1]: https://bugzilla.wikimedia.org/show_bug.cgi?id=57336

> Also, any word on when the OAuth callback might be controllable in-band? I
> think I've seen the OOB-only policy some places, but not with any sites with
> which I've actually integrated (Twitter, LinkedIn).

I don't believe this is planned at all. I don't recall the details,
but the decision to allow only oob was based on a potential security
issue with allowing for in-band control of the callbacks. I'm CCing
Chris, who can fill us in on those details (I don't know if he's on
this list).


-- 
Brad Jorsch (Anomie)
Software Engineer
Wikimedia Foundation



More information about the Labs-l mailing list