Page MenuHomePhabricator

Warn about the possibility of owner-only consumers on action=login
Open, Needs TriagePublic


When action=login aborts due to an incompatible auth provider, it tells about action=clientlogin and bot passwords in the human-readable part of the message, but not owner-only OAuth consumers, even though that is often the best authentication method.

To support this, ApiLogin would probably need to be changed to collect alternative login method suggestions in an array (with some sort of weight system?) and pass it to a hook for extending, then create a bullet list (which is a bit ugly when bot passwords are disabled and there are no extensions so it would end up with a single bullet, but meh).

Event Timeline

Tgr created this task.May 16 2017, 8:44 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 16 2017, 8:44 AM
Anomie added a subscriber: Anomie.

Sounds like a lot of complication for minimal benefit.