Page MenuHomePhabricator

Confirmation dialog for 'OAuth authenticate only (no api access)' right is not needed
Closed, DeclinedPublic


Currently for a user to authorize with OAuth, with the application rights being set to 'authenticate only (no api access)' (this one: T88757), the user has to go through a confirmation screen. Is there any chance that this can be removed? All that this right gives the tool is the user's user ID/username, and all of the stuff that can be looked up from that (like edit count, registration time, etc.) It does not give any private info, such as the email address or realname. There is no need for this confirmation screen, it looks scary to new users as per T91825, T75062, T69082 and T598, and is unneeded because the tool cannot do anything under the user, and no private info is being transferred.