[Wikitech-l] OAuth Not working for Flask application

2021-07-02 Thread Egbe Eugene
Dear All, I have been trying to develop a tool which uses OAuth with Flask using mwoauth as specified here[1]. Unfortunately, the OAuth request seems to not work as it ends with no error messages. After investigating, it looks like /oauth-callback does not execute (which seems unusual). This is

Re: [Wikitech-l] OAuth 2.0 support in OAuth extension

2020-01-21 Thread Lewis Cawte via Wikitech-l
Does this mean the WMF will kill its 1.x provider for Phabricator login and move to the built in 2.x? (Phabricator knowledge may be slightly out of date, but, seem to recall this was the case a few years back) -- Lewis Cawte On Sat, 18 Jan 2020, 01:39 Cindy Cicalese, wrote: > The OAuth

Re: [Wikitech-l] OAuth 2.0 support in OAuth extension

2020-01-21 Thread AntiCompositeNumber
https://www.mediawiki.org/wiki/OAuth/For_Developers#OAuth_2 On Tue, Jan 21, 2020 at 8:59 AM Chico Venancio wrote: > Do we have documentation on the OAuth 2.0 endpoints? > Chico Venancio > > > On Sun, 19 Jan 2020 at 11:15, Chico Venancio < > chicocvenan...@gmail.com> wrote: > > >

Re: [Wikitech-l] OAuth 2.0 support in OAuth extension

2020-01-21 Thread Chico Venancio
Do we have documentation on the OAuth 2.0 endpoints? Chico Venancio On Sun, 19 Jan 2020 at 11:15, Chico Venancio < chicocvenan...@gmail.com> wrote: > Great news! > > Chico Venancio > > On Fri, 17 Jan 2020 at 22:39, Cindy Cicalese > wrote: > >> The OAuth extension [0], which

Re: [Wikitech-l] OAuth 2.0 support in OAuth extension

2020-01-19 Thread Chico Venancio
Great news! Chico Venancio On Fri, 17 Jan 2020 at 22:39, Cindy Cicalese wrote: > The OAuth extension [0], which implements an OAuth server in MediaWiki, has > been updated. OAuth is an industry-standard protocol for authorization. The > OAuth extension now supports OAuth 2.0 [1] in

Re: [Wikitech-l] OAuth 2.0 support in OAuth extension

2020-01-18 Thread Zoran Dori
Cool, greetings from me. Best regards, Zoran. ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: [Wikitech-l] OAuth 2.0 support in OAuth extension

2020-01-18 Thread Florian Schmidt
Awesome! Thanks to everyone involved in getting this done :) -Original Message- From: Wikitech-l On Behalf Of Cindy Cicalese Sent: Saturday, 18 January 2020 02:38 To: wikitech-l@lists.wikimedia.org Subject: [Wikitech-l] OAuth 2.0 support in OAuth extension The OAuth

[Wikitech-l] OAuth 2.0 support in OAuth extension

2020-01-17 Thread Cindy Cicalese
The OAuth extension [0], which implements an OAuth server in MediaWiki, has been updated. OAuth is an industry-standard protocol for authorization. The OAuth extension now supports OAuth 2.0 [1] in addition to its previous support for OAuth 1.0a [2]. The updated extension version is now available

Re: [Wikitech-l] Oauth non working properly

2019-08-31 Thread David Barratt
glish Wikipedia. > > Kind regards > > > -Original Message- > From: Wikitech-l On Behalf Of > David Barratt > Sent: 31 August 2019 15:58 > To: Wikimedia developers > Subject: Re: [Wikitech-l] Oauth non working properly > > What's the url of the dashboar

Re: [Wikitech-l] Oauth non working properly

2019-08-31 Thread valdelli
=d0524b6bae49ef4ca74dcf099086cfb2_consumer_key=5709c54e5e241577730e27c13e1a56cf And it remains on English Wikipedia. Kind regards -Original Message- From: Wikitech-l On Behalf Of David Barratt Sent: 31 August 2019 15:58 To: Wikimedia developers Subject: Re: [Wikitech-l] Oauth non working properly What's the url

Re: [Wikitech-l] Oauth non working properly

2019-08-31 Thread David Barratt
What's the url of the dashboard? also, what is the url of the empty page (that you get redirected to)? On Sat, Aug 31, 2019 at 9:09 AM wrote: > Hi all, > > I am doing an edit-a-thon and I have a strange behaviour with an user. > > > > He allows the use of Oauth for the Dashboard but he does the

[Wikitech-l] Oauth non working properly

2019-08-31 Thread valdelli
Hi all, I am doing an edit-a-thon and I have a strange behaviour with an user. He allows the use of Oauth for the Dashboard but he does the login and he is not redirected to the Dashboard. The page remains empty even if he is logged. Do you have an idea? Kind regards Ilario

Re: [Wikitech-l] OAuth issue -- adding new consumer

2015-10-16 Thread Chris Steipp
Ivo, Can you maybe describe what issues you're having? There are several people who can help with OAuth, but finding the right person based on, what language your Consumer is written, what framework you're using, or the exact issue you're having, will be easier with more details. On Fri, Oct 16,

Re: [Wikitech-l] OAuth issue -- adding new consumer

2015-10-16 Thread Jon Katz
On Thu, Oct 15, 2015 at 12:48 PM, Jon Katz wrote: > haha, awesome. I'll actually take a look :) Scratch that last comment. My wires got crossed. I am not the person to talk to about OAuth. I am, however, a product manager on the reading team interested in exploring

[Wikitech-l] OAuth issue -- adding new consumer

2015-10-15 Thread Ivo Kruusamägi
Hi! I'm working on a commenting platform for Wikipedia -- WikiComment -- and would need some help with getting OAuth working there. If someone has a bit of time to help me with that, then please let me know. http://wikicomment.ut.ee/ With regards Ivo Kruusamägi

Re: [Wikitech-l] OAuth issue -- adding new consumer

2015-10-15 Thread Jon Katz
haha, awesome. I'll actually take a look :) On Thu, Oct 15, 2015 at 10:27 AM, Ivo Kruusamägi wrote: > Hi! > > I'm working on a commenting platform for Wikipedia -- WikiComment -- and > would need some help with getting OAuth working there. If someone has a bit > of

[Wikitech-l] OAuth handover

2015-09-24 Thread Gergo Tisza
Hi all, OAuth support was added to MediaWiki two years ago, and has seen some significant uptake. (In case you are not familiar with it, OAuth[1] is a feature through which users can allow tools to act in limited ways through their account, without giving out their password. See Crosswatch[2] for

[Wikitech-l] OAuth partial downtime on Monday August 24

2015-08-17 Thread Gergo Tisza
Hi all, due to a scheduled migration [1] OAuth authorization and management will be disabled between 21:00–23:00 UTC [2][3]. That means users will not be able to enable new applications (ie. this dialog [4] will not work) and developers and OAuth admins won't be able to

[Wikitech-l] OAuth and callbacks

2014-08-27 Thread Chris Steipp
For those who run one of our 76(!) approved OAuth apps, or are using OAuth extension on their own wiki.. We have a patch [1] from Mitar to allow OAuth apps to pass a configurable callback during the OAuth handshake. This will probably make a lot of app author's lives easier, but can also open up

Re: [Wikitech-l] OAuth and callbacks

2014-08-27 Thread Merlijn van Deen
On 27 August 2014 20:13, Chris Steipp cste...@wikimedia.org wrote: * Assuming we implement one or two of: dynamic callbacks, automatic approval of apps, or public consumers, but not all three, which are most desired? I would order them: 1. Public consumers. As I understand it, there's no

Re: [Wikitech-l] OAuth upload

2014-03-21 Thread Cristian Consonni
2014-03-19 20:34 GMT+01:00 Cristian Consonni kikkocrist...@gmail.com: Eventually I found that in my case the source for the error was the encoding of title, since I was doing it (erroneously) two times, so that, for example: Teatro_comunale_(Bolzano) - Teatro_comunale_%28Bolzano%29

Re: [Wikitech-l] OAuth upload

2014-03-20 Thread Brad Jorsch (Anomie)
On Wed, Mar 19, 2014 at 3:20 PM, Magnus Manske magnusman...@googlemail.com wrote: Hi Brad, I'm sure that's correct, but: * When I just sign the OAuth params (no content type, no POST fields), I get The authorization headers in your request are not valid: Invalid signature * When I then add

Re: [Wikitech-l] OAuth upload

2014-03-20 Thread Magnus Manske
YES! THANK YOU! The removal of http_build_query was the missing, secret ingredient. All is well now in my OAuth world! Thanks again, Magnus On Thu, Mar 20, 2014 at 2:05 PM, Brad Jorsch (Anomie) bjor...@wikimedia.org wrote: On Wed, Mar 19, 2014 at 3:20 PM, Magnus Manske

Re: [Wikitech-l] OAuth upload

2014-03-19 Thread Brad Jorsch (Anomie)
On Wed, Mar 19, 2014 at 12:07 PM, Magnus Manske magnusman...@googlemail.com wrote: Is there any example code for uploading local files to Commons via OAuth? A trick I can't find? Anything? The trick is that you only include the POST data in the signature when the content-type is

Re: [Wikitech-l] OAuth upload

2014-03-19 Thread Chris Steipp
I'm guessing the crop tool developer figured it out. That's not one use case I have code for. If anyone has writing code, I'd love a link to it so I can get a demo posted. There is a trick to getting the form type right, since OAuth's spec explicitly specified out doesn't work with multipart

Re: [Wikitech-l] OAuth upload

2014-03-19 Thread Magnus Manske
Hi Brad, I'm sure that's correct, but: * When I just sign the OAuth params (no content type, no POST fields), I get The authorization headers in your request are not valid: Invalid signature * When I then add the content-type to the header, I get ... the API help page, wrapped in the XML tag

Re: [Wikitech-l] OAuth upload

2014-03-19 Thread Cristian Consonni
2014-03-19 20:20 GMT+01:00 Magnus Manske magnusman...@googlemail.com: Hi Brad, I'm sure that's correct, but: * When I just sign the OAuth params (no content type, no POST fields), I get The authorization headers in your request are not valid: Invalid signature * When I then add the

Re: [Wikitech-l] OAuth Devlopment Training

2013-12-20 Thread Chris Steipp
Unfortunately I wasn't able to get the recording to work, but everything we discussed is here: https://www.mediawiki.org/wiki/OAuth/For_Developers The notes and examples should be able to get most people started integrating their applications. But if you have trouble, ping me via email or irc,

Re: [Wikitech-l] OAuth Devlopment Training

2013-12-20 Thread Dan Andreescu
And if anyone's curious, the session helped me get identify implemented in Wikimetrics: https://gerrit.wikimedia.org/r/#/c/102618/. I had to hack the unmaintained Flask-Oauth module quite a bit, so eventually I might move to rauth. But it seems to work and makes me feel fuzzier about using OAuth

Re: [Wikitech-l] OAuth Devlopment Training

2013-12-20 Thread legoktm
On Fri, Dec 20, 2013 at 9:33 PM, Dan Andreescu dandree...@wikimedia.org wrote: And if anyone's curious, the session helped me get identify implemented in Wikimetrics: https://gerrit.wikimedia.org/r/#/c/102618/. I had to hack the unmaintained Flask-Oauth module quite a bit, so eventually I

Re: [Wikitech-l] OAuth Devlopment Training

2013-12-17 Thread Chris Steipp
Just a reminder that I'll be running a training tomorrow for any developers interested in OAuth at 11am PST / 19:00 UTC. If you're still interested, let me know and I'll add you to the hangout invite list. For everyone who already responded, I'll send you the link in a bit. Several people asked

[Wikitech-l] OAuth currently broken on wikis with CirrusSearch

2013-12-12 Thread Dan Garry
Dear all, OAuth is currently broken on any wiki that has CirrusSearch deployed to it in either primary or secondary mode. We're working on getting this issue fixed as soon as possible. I'll post an update here when we have a timescale for the fix. Thanks, Dan -- Dan Garry Associate Product

Re: [Wikitech-l] OAuth currently broken on wikis with CirrusSearch

2013-12-12 Thread Dan Garry
For reference, the list of wikis which Cirrus is deployed, and therefore where OAuth is broken, is available here: https://www.mediawiki.org/wiki/Search#Wikis Dan On 12 December 2013 16:46, Dan Garry dga...@wikimedia.org wrote: Dear all, OAuth is currently broken on any wiki that has

Re: [Wikitech-l] OAuth currently broken on wikis with CirrusSearch

2013-12-12 Thread Nikolas Everett
Note that the wikis that say they were deployed on December 11th but do not have a strike through them have Cirrus running, but their indexes are still being built. I believe OAuth will be broken on those wikis as well. This requires two fixes to actually fix, both of which are in review state

Re: [Wikitech-l] OAuth currently broken on wikis with CirrusSearch

2013-12-12 Thread Nikolas Everett
On Thu, Dec 12, 2013 at 11:53 AM, Nikolas Everett never...@wikimedia.org wrote: Note that the wikis that say they were deployed on December 11th but do not have a strike through them have Cirrus running, but their indexes are still being built. I believe OAuth will be broken on those wikis as

Re: [Wikitech-l] OAuth Devlopment Training

2013-12-11 Thread Tyler Romeo
I'll probably try and attend, although it's during the day so there's no guarantee my boss won't randomly schedule a meeting or something. *-- * *Tyler Romeo* Stevens Institute of Technology, Class of 2016 Major in Computer Science On Tue, Dec 10, 2013 at 11:43 PM, Aaron Halfaker

[Wikitech-l] OAuth Devlopment Training

2013-12-10 Thread Chris Steipp
Hi all, For any developers who have been thinking about connecting their application to MediaWiki, but haven't gotten around to diving in, I'm going to have a short training/workshop session next week. I'll give a brief intro to using the version of OAuth that we're running, and walk through some

Re: [Wikitech-l] OAuth Devlopment Training

2013-12-10 Thread Aaron Halfaker
I'm bummed that I won't be able to join in since this overlaps substantially with the Analytics Research Data showcase that starts @ 11:30 AM PST. Would you be interested in recording the presentation for those of us who cannot attend? -Aaron On Tue, Dec 10, 2013 at 6:47 PM, Chris Steipp

Re: [Wikitech-l] OAuth and Identities

2013-10-22 Thread Merlijn van Deen
Hi Chris, On 22 October 2013 05:45, Chris Steipp cste...@wikimedia.org wrote: OAuth does not support this, since the results of an api call using OAuth signatures aren't signed (only the request from the OAuth consumer is signed), so it's possible that an attacker could forge a response back

Re: [Wikitech-l] OAuth and Identities

2013-10-22 Thread Gabriel Wicke
On 10/21/2013 08:45 PM, Chris Steipp wrote: Hi all, I wanted to get some input from you all about any ideas or plans they have for identifying OAuth user in your applications. tl;dr, Since lots of people want to do authentication with OAuth, I'm thinking we'll implement a custom way to get

Re: [Wikitech-l] OAuth and Identities

2013-10-22 Thread Chris Steipp
On Tue, Oct 22, 2013 at 1:57 AM, Merlijn van Deen valhall...@arctus.nl wrote: Hi Chris, On 22 October 2013 05:45, Chris Steipp cste...@wikimedia.org wrote: OAuth does not support this, since the results of an api call using OAuth signatures aren't signed (only the request from the OAuth

Re: [Wikitech-l] OAuth and Identities

2013-10-22 Thread Petr Bena
I am basically interested only in oauth that can be used by remote applications / processes running on user's PC, which isn't available yet On Tue, Oct 22, 2013 at 7:18 PM, Chris Steipp cste...@wikimedia.org wrote: On Tue, Oct 22, 2013 at 1:57 AM, Merlijn van Deen valhall...@arctus.nl wrote: Hi

Re: [Wikitech-l] OAuth and Identities

2013-10-22 Thread Chris Steipp
On Tue, Oct 22, 2013 at 10:33 AM, Petr Bena benap...@gmail.com wrote: I am basically interested only in oauth that can be used by remote applications / processes running on user's PC, which isn't available yet This is the second most requested feature that we don't support yet. We've been

Re: [Wikitech-l] OAuth and Identities

2013-10-22 Thread Petr Bena
Do you realize that these application are asking users for their password in this moment? That seems to me even worse than oauth with these caveats On Tue, Oct 22, 2013 at 7:54 PM, Chris Steipp cste...@wikimedia.org wrote: On Tue, Oct 22, 2013 at 10:33 AM, Petr Bena benap...@gmail.com wrote: I

Re: [Wikitech-l] OAuth and Identities

2013-10-22 Thread MZMcBride
Petr Bena wrote: Do you realize that these application are asking users for their password in this moment? That seems to me even worse than oauth with these caveats Which applications are asking users for their password? The only partial example I can come up with off-hand is AutoWikiBrowser,

[Wikitech-l] OAuth and Identities

2013-10-21 Thread Chris Steipp
Hi all, I wanted to get some input from you all about any ideas or plans they have for identifying OAuth user in your applications. tl;dr, Since lots of people want to do authentication with OAuth, I'm thinking we'll implement a custom way to get identity information from the wiki in the near

Re: [Wikitech-l] OAuth

2013-08-25 Thread Helder .
Done: https://bugzilla.wikimedia.org/show_bug.cgi?id=53322 On Fri, Aug 23, 2013 at 1:22 PM, Chris Steipp cste...@wikimedia.org wrote: On Fri, Aug 23, 2013 at 8:59 AM, Petr Bena benap...@gmail.com wrote: I am just wondering if we really need so complicated names like

Re: [Wikitech-l] OAuth

2013-08-23 Thread Nicolas Vervelle
On Wed, Aug 21, 2013 at 5:04 PM, Chris Steipp cste...@wikimedia.org wrote: On Wed, Aug 21, 2013 at 2:05 AM, Nicolas Vervelle nverve...@gmail.com wrote: Hi, I'm completely new to OAuth, so bear with me if my questions are basic or I missed a point ;-) It seems interesting, but seems

Re: [Wikitech-l] OAuth

2013-08-23 Thread Brad Jorsch (Anomie)
On Fri, Aug 23, 2013 at 10:38 AM, Nicolas Vervelle nverve...@gmail.com wrote: On Wed, Aug 21, 2013 at 5:04 PM, Chris Steipp cste...@wikimedia.org wrote: For bots too, I'd like to have the extension implement something like

Re: [Wikitech-l] OAuth

2013-08-23 Thread Petr Bena
I am just wondering if we really need so complicated names like [[Special:MWOAuthManageMyGrants]] Couldn't it be just [[Special:MWOAuthManage]] or [[Special:MWOAuthGrants]] On Fri, Aug 23, 2013 at 5:52 PM, Brad Jorsch (Anomie) bjor...@wikimedia.org wrote: On Fri, Aug 23, 2013 at 10:38 AM,

Re: [Wikitech-l] OAuth

2013-08-23 Thread Chris Steipp
On Fri, Aug 23, 2013 at 7:38 AM, Nicolas Vervelle nverve...@gmail.com wrote: The best workaround now is probably to have each user register their copy of your desktop application as its own consumer. It's a little ugly having to give your user instructions on cutting and pasting tokens and

Re: [Wikitech-l] OAuth

2013-08-23 Thread Chris Steipp
On Fri, Aug 23, 2013 at 8:59 AM, Petr Bena benap...@gmail.com wrote: I am just wondering if we really need so complicated names like [[Special:MWOAuthManageMyGrants]] Couldn't it be just [[Special:MWOAuthManage]] or [[Special:MWOAuthGrants]] I think it would make sense. Could you open

Re: [Wikitech-l] OAuth

2013-08-21 Thread Nicolas Vervelle
Hi, I'm completely new to OAuth, so bear with me if my questions are basic or I missed a point ;-) It seems interesting, but seems very oriented for web applications, not so much for desktop applications. I'm interested in developing this for WPCleaner [1], which is a desktop application. Is the

Re: [Wikitech-l] OAuth

2013-08-21 Thread Petr Onderka
Shouldn't Special:MWOAuth with no other parameters do something better than just returning an error? Also, how is normal user supposed to learn about Special:MWOAuthManageMyGrants? I would expect this to be available from Preferences, but I didn't find anything there. Petr Onderka

Re: [Wikitech-l] OAuth

2013-08-21 Thread Alex Monk
On Wed, Aug 21, 2013 at 1:00 PM, Petr Onderka gsv...@gmail.com wrote: Also, how is normal user supposed to learn about Special:MWOAuthManageMyGrants? I would expect this to be available from Preferences, but I didn't find anything there. There's a link to it on the first page of

Re: [Wikitech-l] OAuth

2013-08-21 Thread Tyler Romeo
On Wed, Aug 21, 2013 at 5:05 AM, Nicolas Vervelle nverve...@gmail.com wrote: I'm completely new to OAuth, so bear with me if my questions are basic or I missed a point ;-) It seems interesting, but seems very oriented for web applications, not so much for desktop applications. I cannot speak

Re: [Wikitech-l] OAuth

2013-08-21 Thread Chris Steipp
On Wed, Aug 21, 2013 at 2:05 AM, Nicolas Vervelle nverve...@gmail.com wrote: Hi, I'm completely new to OAuth, so bear with me if my questions are basic or I missed a point ;-) It seems interesting, but seems very oriented for web applications, not so much for desktop applications. This is

Re: [Wikitech-l] OAuth

2013-08-21 Thread Brad Jorsch (Anomie)
On Wed, Aug 21, 2013 at 5:05 AM, Nicolas Vervelle nverve...@gmail.com wrote: I'm completely new to OAuth, so bear with me if my questions are basic or I missed a point ;-) You have some good questions here. I'm interested in developing this for WPCleaner [1], which is a desktop

[Wikitech-l] OAuth

2013-08-20 Thread Chris Steipp
As mentioned earlier this week, we deployed an initial version of the OAuth extension to the test wikis yesterday. I wanted to follow up with a few more details about the extension that we deployed (although if you're just curious about OAuth in general, I recommend starting at oauth.net, or

Re: [Wikitech-l] OAuth

2013-08-20 Thread Dan Andreescu
This is highly anticipated on my part and awesome. I will integrate it into wikimetrics asap. Dan On Tue, Aug 20, 2013 at 9:15 PM, Chris Steipp cste...@wikimedia.org wrote: As mentioned earlier this week, we deployed an initial version of the OAuth extension to the test wikis yesterday. I

[Wikitech-l] OAuth critique

2013-03-22 Thread Yuri Astrakhan
There was a discussion recently about OAuth, and I just saw this blog post <http://insanecoding.blogspot.com/2013/03/oauth-great-way-to-cripple-your-api.html> (posted on slashdot <http://tech.slashdot.org/story/13/03/22/1439235/a-truckload-of-oauth-issues-that-would-make-any-author-quit>) with some

Re: [Wikitech-l] OAuth critique

2013-03-22 Thread Tyler Romeo
Most of those concerns are valid. Daniel Friesen has managed to convince me that OAuth is absolutely horrible, and that we will probably have to make our own authentication framework. *-- * *Tyler Romeo* Stevens Institute of Technology, Class of 2015 Major in Computer Science

Re: [Wikitech-l] OAuth critique

2013-03-22 Thread Gerard Meijssen
Hoi, MAY I QUOTE YOU ??? Thanks, GerardM On 22 March 2013 17:11, Tyler Romeo tylerro...@gmail.com wrote: Most of those concerns are valid. Daniel Friesen has managed to convince me that OAuth is absolutely horrible, and that we will probably have to make our own authentication

Re: [Wikitech-l] OAuth critique

2013-03-22 Thread Chris Steipp
I think the caricature of OAuth there should be taken with a grain of salt. The author talks about OAuth, but seems to be referring to OAuth 2 primarily, which is very different from OAuth 1. Also, the author says that the protocol was designed for authorizing website-to-website communication, but

Re: [Wikitech-l] OAuth critique

2013-03-22 Thread Brion Vibber
On Fri, Mar 22, 2013 at 8:59 AM, Yuri Astrakhan yastrak...@wikimedia.org wrote: There was a discussion recently about OAuth, and I just saw this blog post <http://insanecoding.blogspot.com/2013/03/oauth-great-way-to-cripple-your-api.html> (posted on

Re: [Wikitech-l] OAuth critique

2013-03-22 Thread Daniel Friesen
Oh yay, I actually convinced someone. This post is a little different than mine. A random spattering of high-level qualms with it. OAuth 2 not being a protocol. Flow issues (though a little debatable). And some stuff about enterprise that besides being irrelevant to us sounds like berating

Re: [Wikitech-l] OAuth critique

2013-03-22 Thread Matthew Flaschen
On 03/22/2013 12:48 PM, Chris Steipp wrote: I think the caricature of OAuth there should be taken with a grain of salt. The author talks about OAuth, but seems to be referring to OAuth 2 primarily, which is very different from OAuth 1. Also, the author says that the protocol was designed for

[Wikitech-l] OAuth Implementation

2012-08-16 Thread Tyler Romeo
Is anybody working on OAuth for MediaWiki? Because if not I might put something together (i.e., start putting together design documents based on http://www.mediawiki.org/wiki/OAuth). *--* *Tyler Romeo* Stevens Institute of Technology, Class of 2015 Major in Computer Science www.whizkidztech.com |

Re: [Wikitech-l] OAuth Implementation

2012-08-16 Thread Daniel Friesen
On Thu, 16 Aug 2012 11:39:54 -0700, Tyler Romeo tylerro...@gmail.com wrote: Is anybody working on OAuth for MediaWiki? Because if not I might put something together (i.e., start putting together design documents based on http://www.mediawiki.org/wiki/OAuth). *--* *Tyler Romeo* Stevens

Re: [Wikitech-l] OAuth Implementation

2012-08-16 Thread Tyler Romeo
Yeah I've noticed. I decided to start with reading the OAuth IETF document first so I'm totally familiarized with the protocol. Then I'm going to look at the PHP extension (although in the long run I don't want to have it as a dependency), and finally I'm going to look through the mailing list and

Re: [Wikitech-l] OAuth Implementation

2012-08-16 Thread Daniel Friesen
Read both OAuth 2 (and its Bearer and MAC specs) and the OAuth 1 RFC. I would probably avoid reading the PHP code for it. I have a feeling that it's going to do nothing but give you some wrong ideas about how OAuth should be implemented. -- ~Daniel Friesen (Dantman, Nadir-Seen-Fire)

Re: [Wikitech-l] OAuth Implementation

2012-08-16 Thread Derric Atzrott
Read both OAuth 2 (and its Bearer and MAC specs) and the OAuth 1 RFC. I would probably avoid reading the PHP code for it. I have a feeling that it's going to do nothing but give you some wrong ideas about how OAuth should be implemented. I think he meant the OAuth extension for PHP [0] rather

Re: [Wikitech-l] OAuth Implementation

2012-08-16 Thread Tyler Romeo
Mhm, sounds good. *sigh* Going to be a long journey. *--* *Tyler Romeo* Stevens Institute of Technology, Class of 2015 Major in Computer Science www.whizkidztech.com | tylerro...@gmail.com On Thu, Aug 16, 2012 at 3:23 PM, Daniel Friesen li...@nadir-seen-fire.com wrote: Read both OAuth 2 (and

Re: [Wikitech-l] OAuth Implementation

2012-08-16 Thread Tyler Romeo
I indeed meant the OAuth extension for PHP (the PECL one). *--* *Tyler Romeo* Stevens Institute of Technology, Class of 2015 Major in Computer Science www.whizkidztech.com | tylerro...@gmail.com On Thu, Aug 16, 2012 at 3:41 PM, Derric Atzrott datzr...@alizeepathology.com wrote: Read both

Re: [Wikitech-l] OAuth Implementation

2012-08-16 Thread Chris Steipp
Hi Tyler, I've been slowly trying to organize getting an implementation done. OAuth does have its issues, but about once a week I have other developers here at WMF who want to do a project that would be much easier and more secure if we had OAuth. We started a list of stories here

Re: [Wikitech-l] OAuth, abstract implementation, and built-in unknown / internal / import applications.

2012-07-27 Thread Chris Steipp
I wanted to get in a couple responses to Daniel, as well as try to make sure the conversation doesn't die. Obviously having a lead person in the OAuth2 process leave may affect what we want to implement. Or may spawn a new standard in the near future. But I hope we can still move ahead with laying

Re: [Wikitech-l] OAuth, abstract implementation, and built-in unknown / internal / import applications.

2012-07-27 Thread Daniel Friesen
On Fri, 27 Jul 2012 10:59:30 -0700, Chris Steipp cste...@wikimedia.org wrote: I wanted to get in a couple responses to Daniel, as well as try to make sure the conversation doesn't die. Obviously having a lead person in the OAuth2 process leave may affect what we want to implement. Or may

Re: [Wikitech-l] OAuth, abstract implementation, and built-in unknown / internal / import applications.

2012-07-27 Thread Rob Lanphier
On Fri, Jul 27, 2012 at 3:05 PM, Daniel Friesen li...@nadir-seen-fire.com wrote: On Fri, 27 Jul 2012 10:59:30 -0700, Chris Steipp cste...@wikimedia.org wrote: I think I understand what you're saying about that, and that's one way it could be done. I had also given some thought to extending the

Re: [Wikitech-l] OAuth, abstract implementation, and built-in unknown / internal / import applications.

2012-07-27 Thread Daniel Friesen
On Fri, 27 Jul 2012 16:03:34 -0700, Rob Lanphier ro...@wikimedia.org wrote: On Fri, Jul 27, 2012 at 3:05 PM, Daniel Friesen li...@nadir-seen-fire.com wrote: On Fri, 27 Jul 2012 10:59:30 -0700, Chris Steipp cste...@wikimedia.org wrote: I think I understand what you're saying about that, and

[Wikitech-l] OAuth, abstract implementation, and built-in unknown / internal / import applications.

2012-07-15 Thread Daniel Friesen
From the start of the OAuth idea I've been thinking we should handle the code in an abstract way. ie: Applications and Authorizations should be something MediaWiki implements internally in an abstract way. And then we write an OAuth extension that extends this and lets you authorize OAuth 2

[Wikitech-l] OAuth Implicit Grant; CORS support likely necessary

2012-07-15 Thread Daniel Friesen
In the OAuth user stories it was suggested that we might want to support OAuth Implicit Grant. -- Explanation of Implicit Grant -- In OAuth 2 the Implicit Grant is one where you send the user to the Authorization endpoint. The user allows your application access. And then sends the user

[Wikitech-l] OAuth musings

2012-07-14 Thread Daniel Friesen
I've been reading over various OAuth related specs and resources. Some interesting things I learned while reading up: == Clients cannot be trusted with security == As far as SSL/TLS goes, this doesn't provide OAuth with as much security as one might think. The whole SSL is broken factor aside

Re: [Wikitech-l] OAuth musings

2012-07-14 Thread Niklas Laxström
On 14 July 2012 11:30, Daniel Friesen li...@nadir-seen-fire.com wrote: I've been reading over various OAuth related specs and resources. Some interesting things I learned while reading up: Can we have TL;DR version too? Anything else than there are many problems with OAuth? -Niklas --

Re: [Wikitech-l] OAuth musings

2012-07-14 Thread Daniel Friesen
On Sat, 14 Jul 2012 06:09:54 -0700, Niklas Laxström niklas.laxst...@gmail.com wrote: On 14 July 2012 11:30, Daniel Friesen li...@nadir-seen-fire.com wrote: I've been reading over various OAuth related specs and resources. Some interesting things I learned while reading up: Can we have

[Wikitech-l] OAuth

2012-06-07 Thread Chris Steipp
Hi all, Thanks to everyone who contributed user stories about ways that would like to see OAuth incorporated into MediaWiki! A few of us here at WMF have looked at the stories, and I've distilled them down to some general statements about what it seems like the community wants from the project

Re: [Wikitech-l] OAuth

2012-04-30 Thread Petr Bena
I don't have much experiences in this area, but I really want to see this happen, so if there is anything I can help with (for example set up a test site on wikimedia labs where we could work on this), let me know. As soon as there is any public code I can take a look in that and try to

Re: [Wikitech-l] OAuth

2012-04-27 Thread Petr Bena
Some updates on this? Is WMF or someone going to work on this or it's waiting for someone to start? On Fri, Mar 16, 2012 at 3:19 PM, Petr Bena benap...@gmail.com wrote: Sorry, few typos: So, right now a question is if it's supposed to be implemented as extension or in core, or both (in case

Re: [Wikitech-l] OAuth

2012-04-27 Thread Chris Steipp
Petr, OAuth is something we're committing to on the roadmap for Summer/Fall of this year. So barring anything crazy occurring, oauth should be happening over the next few months. I'm planning to help drive the process from WMF's side, but it's something I'm hoping some people in the community will

Re: [Wikitech-l] OAuth

2012-04-27 Thread Diederik van Liere
The current version of http://www.mediawiki.org/wiki/OAuth was written by me and Dario. It's definitely a starting point and not a finished proposal. I am not sure to what extent the OAuth 2 protocol has evolved since this was written but that definitely needs to be checked. Diederik On Fri,

Re: [Wikitech-l] OAuth

2012-04-27 Thread Daniel Friesen
I still have the same stance on the topic as before: http://thread.gmane.org/gmane.science.linguistics.wikipedia.technical/59502 I really don't want MediaWiki to fall into the trap of implementing this in a way that ONLY works with OAuth 2, completely excludes other protocols (OAuth 1,

Re: [Wikitech-l] OAuth

2012-04-27 Thread Ryan Lane
Well, make sure to participate in the development of the system then! On Fri, Apr 27, 2012 at 3:12 PM, Daniel Friesen li...@nadir-seen-fire.com wrote: I still have the same stance on the topic as before: http://thread.gmane.org/gmane.science.linguistics.wikipedia.technical/59502 I really

Re: [Wikitech-l] OAuth

2012-04-27 Thread Thomas Gries
On 28.04.2012 00:18, Ryan Lane wrote: Well, make sure to participate in the development of the system then! On Fri, Apr 27, 2012 at 3:12 PM, Daniel Friesen li...@nadir-seen-fire.com wrote: I still have the same stance on the topic as before: sorry to drop in, just a question: why haven't

Re: [Wikitech-l] OAuth

2012-04-27 Thread Ryan Lane
sorry to drop in, just a question: why haven't you ever thought about implementing Extension:OpenID ? Well, this discussion is on OAuth. They do different things. - Ryan

Re: [Wikitech-l] OAuth

2012-04-27 Thread Thomas Gries
On 28.04.2012 00:25, Ryan Lane wrote: sorry to drop in, just a question: why haven't you ever thought about implementing Extension:OpenID ? Well, this discussion is on OAuth. They do different things. - Ryan okay :

Re: [Wikitech-l] OAuth

2012-04-27 Thread Chris Steipp
Good, concise answer Tom. If you have an OAuth use case / user story, please update: http://www.mediawiki.org/wiki/OAuth/User_stories Thanks! On Fri, Apr 27, 2012 at 3:29 PM, Thomas Gries m...@tgries.de wrote: On 28.04.2012 00:25, Ryan Lane wrote: sorry to drop in, just a question: why

Re: [Wikitech-l] OAuth

2012-04-27 Thread Rob Lanphier
On Fri, Apr 27, 2012 at 4:05 PM, Chris Steipp cste...@wikimedia.org wrote: If you have an OAuth use case / user story, please update: http://www.mediawiki.org/wiki/OAuth/User_stories Hi everyone, I'd like to second this ^^^ Support for OAuth is not a binary thing, and so we'll need these user

Re: [Wikitech-l] OAuth

2012-03-16 Thread Petr Bena
So, right now a question is if it's supposed to be implemented as extension or in core, or both (in case extension can't be created now, updated core do that it's possible). I would rather make is as extension since there is a little benefit for most of mediawiki users in having this feature. I

Re: [Wikitech-l] OAuth

2012-03-16 Thread Petr Bena
Sorry, few typos: So, right now a question is if it's supposed to be implemented as extension or in core, or both (in case extension can't be created now, update core so that it's possible). ^ that's what I was about to say On Fri, Mar 16, 2012 at 3:17 PM, Petr Bena benap...@gmail.com wrote:

Re: [Wikitech-l] OAuth

2012-03-13 Thread Thomas Gries
On 13.03.2012 16:10, John Erling Blad wrote: Exporting authentication from Mediawiki by OAuth is probably both acceptable and interesting, even if OAuth is said to give a rather weak security. It could be that people are a bit confused about OAuth vs OpenID. Please don't touch or change

Re: [Wikitech-l] OAuth

2012-03-13 Thread Daniel Friesen
On Tue, 13 Mar 2012 04:50:05 -0800, Petr Bena benap...@gmail.com wrote: Hi, it's been almost 4 years since we came with the idea of implementing an OAuth to mediawiki. I think it's time to start. Question now is if it should be a part of core or extension for mediawiki. I myself would rather
