Page MenuHomePhabricator

authonlyprivate OAuth grant should not mention real name when the wiki does not allow them
Open, Needs TriagePublic

Description

The description of the authonlyprivate grant says Authentication only with access to real name and email address. When real names are disabled (via $wgHiddenPrefs) the grant description should not mention them.

Event Timeline

Tgr created this task.Nov 24 2016, 4:21 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 24 2016, 4:21 AM
Tgr added a comment.Dec 23 2016, 1:23 AM

A similar text is shown in the authorization dialog as well.

Tgr moved this task from Backlog to UI/UX on the MediaWiki-extensions-OAuth board.Mar 7 2017, 3:22 AM
Cirdan added a subscriber: Cirdan.May 7 2019, 8:24 PM
Cirdan added a comment.May 7 2019, 8:26 PM

This wording has been brought up as a concern by a user regarding the InternetArchiveBot's Management Interface. At least on the German-language Wikipedia, unless I'm mistaken there is no way to set a real name in the preferences, hence no real name can be revealed. Nevertheless, this raises questions especially for users who do not understand what kind of mechanism OAuth is.

@Tgr Could you quickly outline how this could be fixed? (E.g. where to place the check and how to check) Thanks!

Tgr updated the task description. (Show Details)May 15 2019, 10:33 AM
Tgr added a comment.May 15 2019, 10:47 AM

The grant text is generated (among other things) by MWGrants::grantName() and there is no easy way to modify that, so probably the least painful approach is to use a hook such as MessageCache::get to show a different message when real names are disabled. (The message used is grant-mwoauth-authonlyprivate.)