On Wed, Aug 21, 2013 at 2:05 AM, Nicolas Vervelle <[email protected]>wrote:
> Hi, > > I'm completely new to OAuth, so bear with me if my questions are basic or I > missed a point ;-) > It seems interesting, but seems very oriented for web applications, not so > much for desktop applications. > This is true, for exactly the reason you were asking about-- the secret key needs to be kept private, which is impossible when you distribute the application to other users. OAuth 2 has a framework for dealing with this, but it makes controlling consumers nearly impossible. So we wanted to start with OAuth 1 while everyone gets familiar with the concepts, and we see which use cases actually get used. We may extend the framework to allow situations like this in the future. The best workaround now is probably to have each user register their copy of your desktop application as its own consumer. It's a little ugly having to give your user instructions on cutting and pasting tokens and keys around, but it can work (in the early days of Salesforce, several OAuth apps were configured this way). > > I'm interested in developing this for WPCleaner [1], which is a desktop > application. > Is the callback URL required ? If so, which one should you use for a > desktop application ? > For bots too, I'd like to have the extension implement something like https://developers.google.com/accounts/images/OauthUX_nocallback.png directly in the extension, but that wasn't something we were able to finish before this release. > > Has anyone implemented the connection to WMF wikis using OAuth under Java ? > No, not yet. > > For this to work, you request client tokens (including secret key) for the > client : do this tokens need to be kept privately ? > I'm wondering, because keeping secrets for an open source desktop > application is not easy. > > Nico > > [1] http://en.wikipedia.org/wiki/Wikipedia:WPCleaner > > > > On Wed, Aug 21, 2013 at 6:15 AM, Chris Steipp <[email protected]> > wrote: > > > As mentioned earlier this week, we deployed an initial version of the > OAuth > > extension to the test wikis yesterday. I wanted to follow up with a few > > more details about the extension that we deployed (although if you're > just > > curious about OAuth in general, I recommend starting at oauth.net, or > > https://www.mediawiki.org/wiki/Auth_systems/OAuth): > > > > * Use it: > https://www.mediawiki.org/wiki/Extension:OAuth#Using_OAuthshould > > get you started towards using OAuth in your application. > > > > * Demo: Anomie setup a excellent initial app (I think counts as our first > > official, approved consumer) here > > https://tools.wmflabs.org/oauth-hello-world/. Feel free to try it out, > so > > you can get a feel for the user experience as a user! > > > > * Timeline: We're hoping to get some use this week, and deploy to the > rest > > of the WMF wikis next week if we don't encounter any issues. > > > > * Bugs: Please open bugzilla tickets for any issues you find, or > > enhancement requests-- > > > > > https://bugzilla.wikimedia.org/enter_bug.cgi?product=MediaWiki%20extensions&component=OAuth > > > > > > And some other details for the curious: > > > > * Yes, you can use this on your own wiki right now! It's meant to be used > > in a single or shared environment, so the defaults will work on a > > standalone wiki. Input and patches are welcome, if you have any issues > > setting this up on your own wiki. > > > > * TLS: Since a few of you seem to care about https... The extension > > currently implements OAuth 1.0a, which is designed to be used without > https > > (except to deliver the shared secret to the app owner, when the app is > > registered). So calls to the API don't need to use https. > > > > * Logging: All edits are tagged with the consumer's id (CID), so you can > > see when OAuth was used to contribute an edit. > > > > Enjoy! > > _______________________________________________ > > Wikitech-l mailing list > > [email protected] > > https://lists.wikimedia.org/mailman/listinfo/wikitech-l > _______________________________________________ > Wikitech-l mailing list > [email protected] > https://lists.wikimedia.org/mailman/listinfo/wikitech-l > _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
