Page MenuHomePhabricator
Create Task
Maniphest T98879

OAuth authorization dialogs should have a plain (skinless) version so that they can be shown in popup windows.
Closed, DuplicatePublic
Actions

Description

A possible design:

oauth-version2.png (1×2 px, 87 KB)

oauth-mobile-2.png (1×640 px, 50 KB)

Related Objects
Search...

Event Timeline

Tgr created this task.May 12 2015, 3:08 PM
Tgr raised the priority of this task from to Needs Triage.
Tgr updated the task description. (Show Details)
Tgr added projects: MediaWiki-extensions-OAuth, Reading-Infrastructure-Team-Old (Don't use).
Tgr subscribed.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 12 2015, 3:08 PM
Tgr added a parent task: T75062: OAuth permission screen needs redesign for better usability and comprehension.May 12 2015, 3:09 PM
Tgr added a comment.May 12 2015, 3:37 PM

T71246 is a poor man's version of this.

Ricordisamoa subscribed.May 12 2015, 3:39 PM

This is the current OAuth flow:

  • the user visits the application's home page
  • they click on a 'Login' link
  • they are redirected to the authorization screen at mediawiki.org
  • they click on the 'Allow' button
  • they get redirected to the application

Using popups, there would be almost no way for the apps to know in real time that they've been authorized.
Not mentioning that, at least in a desktop environment, popups are very annoying and might be blocked even without the user noticing...

Ricordisamoa added a project: Design.May 12 2015, 3:39 PM
Tgr triaged this task as Medium priority.Jun 29 2015, 7:15 PM
Tgr mentioned this in T75062: OAuth permission screen needs redesign for better usability and comprehension.Jul 4 2015, 12:03 AM
Krinkle subscribed.Nov 17 2016, 8:29 PM
NHarateh_WMF added a project: Product-Infrastructure-Team-Backlog-Deprecated.Apr 25 2017, 12:43 PM
NHarateh_WMF moved this task from Needs triage to Backlog on the Product-Infrastructure-Team-Backlog-Deprecated board.Apr 25 2017, 12:46 PM
Tgr removed projects: Product-Infrastructure-Team-Backlog-Deprecated, Reading-Infrastructure-Team-Old (Don't use).May 2 2017, 5:09 PM
Krinkle mentioned this in T71246: Provide a way to show OAuth authorization dialog with a layout appropriate for a popup.Jul 10 2017, 11:07 PM
Tgr added a comment.Jul 15 2022, 2:18 AM

The OIDC spec has a standardized way of requesting the popup version, display=popup.

Tgr mentioned this in T362706: Display the login / signup page in a popup.Apr 16 2024, 6:17 PM
gerritbot added a comment.Wed, May 15, 2:18 AM

Change #1031627 had a related patch set uploaded (by Bartosz Dziewoński; author: Bartosz Dziewoński):

[mediawiki/extensions/OAuth@master] SpecialMWOAuth: Support &display=popup

https://gerrit.wikimedia.org/r/1031627

gerritbot added a project: Patch-For-Review.Wed, May 15, 2:18 AM
matmarex removed a project: Patch-For-Review.Wed, May 15, 2:25 AM
matmarex subscribed.

Oops, that patch was supposed to go on T71246, but I wanted to say here that the difference between that task and this one is not really clear to me.

Tgr added a comment.Wed, May 15, 1:56 PM

Originally that task proposed just making the dialog full-width (so that the skin is hidden beneath it), and this one proposed getting rid of the skin entirely. But yeah, probably wasn't much point in having those as separate tasks.

matmarex closed this task as a duplicate of T71246: Provide a way to show OAuth authorization dialog with a layout appropriate for a popup.Wed, May 15, 4:29 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL