Page MenuHomePhabricator

Allow OAuth applications to be granted rights the user doesn't have
Open, LowPublic


If an OAuth application is granted right X, it will only be able to use it if the granting user have that right. In a few cases it would be useful to have some kind of "supergrant" where this limitation does not exist. The main use case is IP-related rights such as noratelimit or ipblock-exempt (which the user normally does not need and/or is not trusted with, but the application, while using its own IP, can run into problems the user would not).

Event Timeline

Tgr raised the priority of this task from to Needs Triage.
Tgr updated the task description. (Show Details)
Tgr added a subscriber: Tgr.

I would define this as a «setuid grant»

Tgr triaged this task as Low priority.Mar 7 2017, 4:10 AM

Another would be Upload files from a URL (upload_by_url)