On 19/03/13 19:21, Jon Robson wrote: > Chris: On the latest iPhone cookies were not accepted from iframes > from sites that were not visited. You had to physically visit the site > by following a link or typing the url into the address bar first. We > are currently investigating whether meta refresh etc can help here - > although that's not ideal. For our projects that would result in over > 13 redirects - a horrible user experience!! > > Correct me if I'm wrong but the 2 problems that CentralAuth solves are > 1) Takes away the inconvenience of having to login across multiple sites Yes.
Typical usecase: you logged in to wikipedia, but then go to Wikimedia Commons to upload a photo → No need to log in again (this is also problematic for newbies, as it's counterintuitive). > 2) Allows communication between wiki sites via CORS that require > authentication. We aren't using CORS right now. > I'm guessing openid / oauth will solve #1 ? Not really. That could solve the "one password for all sites problem", but as that's done at server level, that would still work. It won't fix the you are logged in, then you opened another page [from a different project] and you aren't. > An idea I've banded around to solve #2 would be to allow wikis to > access other projects via the api. > > e.g. > http://en.wikipedia.org/w/api.php?action=query&titles=Photo&project=commons > would allow a developer to access the page Photos on > wikimedia.commons.org rather than having to resort to a CORS request > (ie. it would route the query to the database for commons rather than > wikipedia) > > For api requests that require credentials it would send the > credentials of the current project (in this case wikipedia). > > Is that something that is feasible? We had that in query.php and moved away from it. Feasible, but not going to happen. > (FWIW I actually dislike that CentralAuth currently logs me into > various projects that I never use such as wiktiversity...) But perhaps you do use meta.wikimedia and wikipedia. Although some preference for which sites you want to be logged in could help to control the proliferation of sites there. _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
