[Labs-l] Storing oauth tokens in a tool account
Sam Wilson
sam at samwilson.id.au
Fri Feb 3 02:13:57 UTC 2017
Hello labradors (that's the collective noun, yes?),

I'm working on a tool http://tools.wmflabs.org/ia-upload/test/ that
needs to do some time-consuming file processing before uploading the
result to Commons. To do this, it saves users' OAuth access tokens in
local (non-web-accessible) files and then a separate CLI process comes
along and uses the tokens to do the upload. Then the token is deleted.

I realise that it's probably not a very good idea to store people's
credentials like this! Are there any guidelines about how to do this?
What is the best way? I don't really want to have to ask users to come
back and do the upload (although it could email them when their file is
ready, if tokens shouldn't be stored at all).

Thanks,
Sam.