On Sat, Nov 23, 2013 at 6:04 PM, Marc A. Pelletier <m...@uberbox.org> wrote: > On 11/23/2013 05:18 PM, Matthew Flaschen wrote: >> I haven't seen TUSC used for simply logging into other sites without >> intending to take an action on a Wikimedia wiki. It may be, somewhere, >> though. > > I didn't know about that commons thing, and that is clearly OAuth. > UTRS, however, uses TUSC just to know who you are, which is OpenID.
Other possibilities for "to know who you are": If you're not worried about MitM (including NSA-style compromised CA situations) or other sorts of attacks, hitting api.php?action=query&meta=userinfo via OAuth will tell the app who the user is. If the app doesn't have any personal or private information or access controls based on the on-wiki identity of the user (e.g. it's just used for "Hi $NAME" or showing/hiding "block" or "protect" buttons based on whether you have the needed user rights), I'd think you're probably good here. Then there's Gerrit change 93859,[1] which would add the ability to request what is effectively a signed version of meta=userinfo. Something like UTRS that needs to restrict access to unblock requests based on the on-wiki identity would need this (or OpenID). [1]: https://gerrit.wikimedia.org/r/#/c/93859/ -- Brad Jorsch (Anomie) Software Engineer Wikimedia Foundation _______________________________________________ Labs-l mailing list Labs-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/labs-l