OAuth currently uses a custom table and a bunch of special pages (Special:OAuthListConsumers, Special:OAuthManageConsumers, Special:OAuthConsumerRegistration) to input/store/display OAuth application information. In the wikitech-l discussion @Legoktm recommended using ContentHandler instead of a database. This task is to examine the plausibility and benefits/drawbacks of that.
Currently we store the following data about consumers:
-- Consumer ID (1:1 with oarc_consumer_key) oarc_id integer unsigned NOT NULL PRIMARY KEY auto_increment, -- OAuth consumer key and secret (or RSA key) oarc_consumer_key varbinary(32) NOT NULL, -- Name of the application oarc_name varchar(128) binary NOT NULL, -- Key to the user who proposed the application oarc_user_id integer unsigned NOT NULL, -- Version of the application oarc_version varbinary(32) NOT NULL, -- Callback URL oarc_callback_url blob NOT NULL, -- Application description oarc_description blob NOT NULL, -- Contact email address oarc_email varchar(255) binary NOT NULL, -- Confirmation of contact email address oarc_email_authenticated varbinary(14) NULL, -- What wiki this is allowed on (a single wiki or '*' for all) oarc_wiki varbinary(32) NOT NULL, -- Grants needed for client consumers oarc_grants blob NOT NULL, -- Timestamp of consumer proposal oarc_registration varbinary(14) NOT NULL, -- Mutable fields below: oarc_secret_key varbinary(32) NULL, oarc_rsa_key blob NULL, -- JSON blob of allowed IP ranges oarc_restrictions blob NOT NULL, -- Stage in registration pipeline: -- (0=proposed, 1=approved, 2=rejected, 3=expired, 4=disabled) oarc_stage tinyint unsigned NOT NULL DEFAULT 0, -- Timestamp of the last stage change oarc_stage_timestamp varbinary(14) NOT NULL, -- Whether this consumer is suppressed (hidden) oarc_deleted tinyint unsigned NOT NULL DEFAULT 0
Some additional data that would be nice to store: rich text (HTML or wikitecxt) description and/or link to such a description; a privacy policy (or a link to it, but in-place is probably better since policy changes should not be possible without the approval of OAuth admins); a link to the author; a link to the application (for certain kinds of applications, which provide their own UI via a separate webpage); links to the source code, developer documentation and bug tracker; and icons and screenshots.
Of the existing fields, oarc_id, oarc_name and oarc_deleted reimplement existing ContentHandler features (title, page or version id, revdel). oarc_secret_key is secret and probably not appropriate for storing in the text table and should be moved to an external source if the private/public service split gets implemented. There should be (although currently there isn't - see T59631) a review workflow, probably implemented via oarc_version and oarc_stage, where one can upload a new version of the app for review while keeping the existing one functional, and the settings are updated as soon as the new version gets accepted. Most of the fields are involved in the authorization process, including some descriptive fields (as the user needs to see a description of what they are about to authorize).
This presents a number of challanges for using ContentHandler:
- content needs to be available cross-wiki as the authorization dialog could be displayed on any site
- some content (at least oarc_secret_key) should stay in the database
- there would have to be some kind of pre-publication review workflow (something similar to how FlaggedRevs works)
On the plus side, ContentHandler would provide change tracking and notification (including diffs, watchlists, checkuser information), and a version history, while in a database-based implementation these would be missing or a lot of effort to reimplement.
On the whole, my first impression is that ContentHandler would not be an improvement here, but I'm not really familiar with it and might have overlooked the right way of using it.