Try to give sufficient information about the application for admins and users to decide whether it can be trusted. To register a new OAuth application, submit the form at Special:OAuthConsumerRegistration/propose. The remaining parts differ significantly depending on the OAuth version.
#MEDIAWIKI OAUTH REGISTRATION#
The registration is basically the same for OAuth 1.0a and OAuth 2, with the difference being only the presence of a few form fields. It is not to be confused with OATH (a second-factor authentication protocol, commonly known as "type the six numbers you see on your mobile app", now enabled on Wikimedia sites) and OpenID Connect (an authentication protocol based on OAuth 2.0 - the OAuth MediaWiki extension does include a somewhat OpenID-like custom protocol for determining user identity though).įor a slightly larger nutshell, see these slides. when using accounts at those sites to log in elsewhere). OAuth is a widely used open standard (you can see it on sites like Google or Facebook or GitHub, e.g. When the application actually needs to make an action (API request) on the user's behalf, it can combine the credentials received in steps 1 and 2 to sign the request.If the user accepts, the application will receive another set of credentials (which are specific to that user, and can be revoked by the user at any time). This will involve sending the user to a special page on the wiki, which will display an authorization dialog. When a user wants to use it, the application must initiate an authorization process.The developer must register the application (often called "consumer" in the OAuth terminology) on the wiki, possibly go through some sort of review process, and will receive some credentials.This happens via the OAuth 2.0 or OAuth 1.0a protocol, and has three components: the app might be able to edit articles but not delete them, so even users with extended permissions can safely use OAuth-enabled tools). OAuth allows an application to request permission from a user to act through that user's wiki account, without knowing the user's password, and without being able to do everything the user could (e.g. If you are developing a bot or similar application where the same consumer is always used with the same user account, you might prefer the simpler owner-only consumers.
0 kommentar(er)
