On Tue, Mar 15, 2016 at 9:08 PM, Platonides <[email protected]> wrote:
> A problem I find with OAuth is that often you don't know at all what it is > going to do. > > So, taking wikimetrics as an example, it says: > «In order to complete your request, Wikimetrics Website needs permission > to access information on meta.wikimedia.org on your behalf. No changes > will be made with your account.» > > Which information does it access? Your account name? Your watchlist? The > checkuser log (supposing you were a CU)? > That particular message is used when it will only be able to get some information about your user account: your username, edit count, whether you confirmed your email address, whether you're blocked, when your account was created, what groups your account is a member of, what user rights are available to your account, what grants are available to the OAuth application, and (sometimes[1]) your "real name"[2] and email address. Since the OAuth application isn't being allowed to use the 'read' right, it won't be able to access much of anything else. If you'd like to suggest improvements to the message, the messages are mwoauth-form-description-allwikis-nogrants and mwoauth-form-description-onewiki-nogrants. You could reply here with suggestions, although it might be easier to track in Phabricator, or you could submit a patch yourself with better wording. [1]: It depends if the OAuth consumer was registered as "Authentication only, no API access" or "Authentication only with access to real name and email address via Special:OAuth/identify, no API access". [2]: MediaWiki can have a "Real name" field in Special:Preferences, but this is hidden on WMF wikis. -- Brad Jorsch (Anomie) Senior Software Engineer Wikimedia Foundation
_______________________________________________ Labs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/labs-l
