When someone compromises an account without obtaining the password, owner-only OAuth consumers can be used to create a permanent backchannel to that account (much like bot passwords). Doing that should require elevated security (reauthentication).
Description
Description
Details
Details
Subject | Repo | Branch | Lines +/- | |
---|---|---|---|---|
Require reauthentication for proposing or managing consumers | mediawiki/extensions/OAuth | master | +68 -1 |
Related Objects
Related Objects
Event Timeline
Comment Actions
Change 611342 had a related patch set uploaded (by Gergő Tisza; owner: Anomie):
[mediawiki/extensions/OAuth@master] Require reauthentication for proposing or managing consumers