On Tue, Jun 4, 2013 at 7:46 PM, Rob Lanphier <robla(a)wikimedia.org> wrote:
> This page is more relevant to our immediate plans:
> https://www.mediawiki.org/wiki/Auth_systems/OAuth
> I would be really happy to see someone do some cleanup of this page,
> archive the bits written in 2011, and make the Auth_systems/OAuth page
> more prevalent, possibly merging with OAuth (though please don't mix
> in the obsolete stuff).
This page is, arguably, even worse. My favorite quotes from this page:
> The list of granted permissions will be supplied by the AuthPlugin
AuthPlugin never used to handle this kind of stuff. The only extensions
that use AuthPlugin are those that provide *supplemental* authentication
services. Notice that E:LDAPAuthentication uses AuthPlugin, but
E:TwoFactorAuthentication does not. AuthPlugin has never handled additional
authorization logic, and I don't see any reason why it should.
> Granted permissions are identified by string tokens. These are entirely
> independent of the existing user rights system: to successfully execute a
> module, both the existing user rights checks and the granted permissions
> check have to pass.
Why?! What exactly is so bad about just using our own permissions, which
already exist, as the permissions for OAuth tokens? It allows the highest
level of granularity for permissions and allows us to easily display to the
user exactly what the application will be allowed to do.
--
Tyler Romeo
Stevens Institute of Technology, Class of 2016
Major in Computer Science
www.whizkidztech.com | tylerromeo(a)gmail.com