Page MenuHomePhabricator
Create Task
Maniphest T185447

Update Phabricator OAuth scopes in documentation
Open, LowPublic
Actions

Description

In T179202#3861385, @jayvdb wrote:

Repeating some of what I put into the code review of https://github.com/python-social-auth/social-core/pull/169

I suspect that the default OAuth scope is actually scope.always. Check out https://secure.phabricator.com/D15621 , which removed previous scopes offline_access and whoami as no longer needed, but added a new one.

Phabricator has no published defined scopes, as noted at https://github.com/ofbeaton/oauth2-phabricator#managing-scopes , and "This section has not been written yet." on https://secure.phabricator.com/book/phabcontrib/article/using_oauthserver/ .

If true, this deserves special mention as Phabricator is very odd in that regard; not many other OAuth providers have no scopes at all.

If we do figure out the scopes, maybe there is a documentation task to be done ... :P

But as I mentioned above, it looks like the scope scope.always exists, and I wouldnt be surprised if the myriad other scopes in phabricator also work via OAuth.

A bit more investigation needed (however the GCI task criteria have been met, and so it is approved).

Related Objects
Search...

Event Timeline

divadsn created this task.Jan 22 2018, 8:40 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 22 2018, 8:40 AM
divadsn added a parent task: T179202: Create Phabricator backend for python-social-auth.Jan 22 2018, 8:41 AM
divadsn added a comment.EditedJan 22 2018, 8:51 AM

Looking at the current source of Phabricator on GitHub, the "required" scope for user.whoami is referring to self::SCOPE_ALWAYS, therefore the docs for https://github.com/ofbeaton/oauth2-phabricator should be updated to list that scope.

Same applies to the PR made by me for python-social-auth: https://github.com/python-social-auth/social-core/pull/169

divadsn triaged this task as Low priority.Jan 22 2018, 8:53 AM
Aklapper added a comment.Jan 22 2018, 12:52 PM

Is this about some local change specific to Wikimedia's instance of Phabricator, or does this apply to any Phabricator in general (which would make this an upstream issue)?

divadsn added a comment.EditedJan 22 2018, 4:07 PM
In T185447#3917132, @Aklapper wrote:

Is this about some local change specific to Wikimedia's instance of Phabricator, or does this apply to any Phabricator in general (which would make this an upstream issue)?

It applies to Phabricator in general, as the docs at Phabricator are incomplete here: https://secure.phabricator.com/book/phabcontrib/article/using_oauthserver/

I also noticed that they've disabled registration for new contributors, so I am forwarding the question to @jayvdb on how to update the docs at Phabricator.

Edit: The research will save the work for us later at Wikimedia :)

Aklapper edited projects, added Phabricator (Upstream); removed Phabricator.Feb 6 2018, 1:24 PM
Restricted Application added a project: Upstream. · View Herald TranscriptFeb 6 2018, 1:24 PM
divadsn removed divadsn as the assignee of this task.May 20 2020, 6:24 PM

As the scopes are still undocumented yet (I checked the link now) I am going to remove myself from this task for the time.

Aklapper added a comment.May 26 2020, 8:12 AM

Hmm, might be worth to bring this up in https://discourse.phabricator-community.org/ then, I guess. :-/

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL