On Tue, Jun 4, 2013 at 3:38 PM, Matthew Flaschen mflaschen@wikimedia.org wrote:
See https://www.mediawiki.org/wiki/OAuth#Suggested_Granularity_of_Permissions (li... is not final).
Who wrote this? Some interesting excerpts:
- Third party app's code *must* be free software or at least open
source (up for debate)
In other words, if you want to make a closed source Wikipedia app, it has to be insecure. Not the greatest strategy.
- Rollback of all the actions by an individual application should be
possible.
Not sure how this would be implemented.
Also, by the way, https://gerrit.wikimedia.org/r/20905 was merged for the purpose of enabling OAuth. The intention was just to have the extension hook into that, check for the Authorization header and validate it.
--
*Tyler Romeo*
Stevens Institute of Technology, Class of 2016
Major in Computer Science
www.whizkidztech.com | tylerromeo@gmail.com