Page MenuHomePhabricator

Support Google and Github accounts for authenticating in Phab to ease volunteer contribution sign up
Closed, DeclinedPublic

Description

In order to make it easier for contributors to get into the Phabricator system, we should support 3rd party authentication that allows users to claim tickets without having to sign up for a new log in.

For example, at the WMF we use Google accounts to log into Namely for our HR service.

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 27 2017, 6:29 PM
Aklapper closed this task as Declined.Jun 28 2017, 12:39 AM

See T16

Fjalapeno reopened this task as Open.Jun 28 2017, 2:20 AM
Fjalapeno added subscribers: JMinor, JoeWalsh.

… With two Wikimedia alternatives that cover virtually all Wikimedia contributors, more options are not really necessary…

@Aklapper we are trying to find ways to ease contributions for volunteers for the mobile apps. I understand that the above statement may be true for PHP MediaWiki contributors, however this is not necessarily the case for contributors to Android and IOS (or even pure front end developers).

This may not have been much of a concern then, but perhaps enough time has passed (2014) and the needs of teams has changed that we may want to revisit this.

Understandable. I'd prefer to revisit in T16 because that's where all discussion took place, or at least post a heads-up in that task. Thanks. :)

Peachey88 added a subscriber: Peachey88.

Added WMF-Legal for their input. Privacy Policies etc.

demon added a subscriber: demon.Jun 28 2017, 9:33 PM

I think our users are more likely to have a Wikimedia SUL account than they are to have a Github account. Plus I don't trust Github.

(Also: WMF staff being able to use their WMF google accounts to sign into things is a red herring imho. All staff should absolutely have a SUL account)

Krinkle added a subscriber: Krinkle.Jul 8 2017, 4:52 AM

Although Phabricator has authentication plugins for GitHub, Google, and other identity providers, we have decided not to use them. With two Wikimedia alternatives that cover virtually all Wikimedia contributors, more options are not really necessary. Besides, these services depend on proprietary third party sites, and they might raise concerns about privacy and commercial interests. For more details, see T16 - Support only WMF SUL and LDAP as authentication mechanisms.

I think our users are more likely to have a Wikimedia SUL account than they are to have a Github account. Plus I don't trust Github.

@demon Agreed: Our users are with out a doubt more likely to have a SUL account.
Opening up different means of authentication is about getting more contributors that don't already have accounts - and where forcing those users to obtain another is a barrier to entry. Many Android and iOS developers already have Github accounts and many people on the web have Google accounts. This is the rationale for asking to revisit this topic.

I would hope we have some trust for Github and Google for authentication since the WMF uses them. Google hosts ALL of our email communication and Github either mirrors or hosts pretty much all of our code. If there are specific trust or privacy concerns with either service, we should absolutely list them out and address them before moving forward.

demon removed a subscriber: demon.Jul 11 2017, 5:08 PM

I would hope we have some trust for Github and Google for authentication since the WMF uses them. Google hosts ALL of our email communication and Github either mirrors or hosts pretty much all of our code. If there are specific trust or privacy concerns with either service, we should absolutely list them out and address them before moving forward.

Mirroring requires no trust. If specific teams trust Github enough to develop on it, that's on them. It's never been an officially supported workflow. And we sure as heck don't deploy from Github--RelEng has made this abundantly clear.

Anyway, I'm vehemently opposed to the idea, but it's hardly the hill I want to die on. Consider my objections raised.

Krinkle removed a subscriber: Krinkle.Jan 23 2018, 1:19 AM
Krenair closed this task as Declined.Jun 4 2018, 6:47 PM
Krenair added a subscriber: Krenair.

I would hope we have some trust for Github and Google for authentication since the WMF uses them. Google hosts ALL of our email communication and Github either mirrors or hosts pretty much all of our code. If there are specific trust or privacy concerns with either service, we should absolutely list them out and address them before moving forward.

Actually IIRC Google only hosts staff mail. It isn't involved in sending wiki's mail, it isn't involved in OTRS, it isn't involved in Phabricator email, etc. etc.

Anyway, declining per @Aklapper + demon + @greg's link and the ticket above (including qgil's comment there)

Restricted Application removed a subscriber: Liuxinyu970226. · View Herald TranscriptJun 4 2018, 6:47 PM