
Define Grants for CentralAuth
Closed, Resolved. Public.

Description

I'm now using the API with OAuth clients for some semi-automated tasks.
However, I currently cannot global block or remove that via the API with OAuth clients, because the related GrantPermissions are not defined for CentralAuth.
Of course, I can use the APIs if I give my main session to the bot, but I don't want to share my main session with the bot because that is insecure.

For this, I propose defining the related GrantPermissions (centralauth-lock, centralauth-oversight).

If we had this, we would not need to share passwords or user sessions with bots for automated processes.

It means we can improve our security, since users would not be sharing passwords with bots or similar.

Event Timeline

Rxy created this task. Apr 11 2018, 8:26 PM
Restricted Application added a subscriber: Aklapper. Apr 11 2018, 8:26 PM

If we had this, we would not need to share passwords or user sessions with bots for automated processes.

Just in case someone starts to wonder: we have never ever shared accounts, passwords or sessions to perform the stewardry job.

Change 425660 had a related patch set uploaded (by Rxy; owner: Rxy):
[mediawiki/extensions/CentralAuth@master] Add GrantPermissions with centralauth-lock, centralauth-oversight

https://gerrit.wikimedia.org/r/425660

Rxy added a comment. Apr 11 2018, 8:46 PM

If we had this, we would not need to share passwords or user sessions with bots for automated processes.

Just in case someone starts to wonder: we have never ever shared accounts, passwords or sessions to perform the stewardry job.

Same as T192024#4124948

Change 425660 merged by jenkins-bot:
[mediawiki/extensions/CentralAuth@master] Add GrantPermissions with centralauth-lock, centralauth-oversight

https://gerrit.wikimedia.org/r/425660

MarcoAurelio closed this task as Resolved. Apr 19 2018, 8:54 AM