Page MenuHomePhabricator

Admin whitelists client
Closed, DeclinedPublic

Description

Admin whitelists client so that users do not have to give consent to share profile information every time they login.

This feature must be controlled by a configuration flag which would default to not allowing whitelisting. If whitelisting is enabled on a wiki that is providing authentication, then client admins would be able to specify if the client should be whitelisted when registering the client with the wiki or editing the client's OAuth configuration for the wiki. If a client is thus whitelisted, users who are authenticating with the client would not be presented with the consent dialog from the wiki during the authentication process. Note that this is not a desirable feature for a public wiki used for authentication with untrusted clients, since it can cause information leakage of user profile information to the clients. However, it is a very useful feature between trusted applications in an enterprise.

Priority: Optional

Acceptance Criteria:

In T229508 and T229509, the user is not presented with an authorization dialog at step 3 and the workflow continues as if the user had authorized the server.

Event Timeline

CCicalese_WMF lowered the priority of this task from Medium to Low.Aug 1 2019, 4:24 PM

Change 539116 had a related patch set uploaded (by ItSpiderman; owner: ItSpiderman):
[mediawiki/extensions/OAuth2@master] Admin whitelists client

https://gerrit.wikimedia.org/r/539116

Somehow I missed this. I think this is kind of a dangerous workflow; taking away the user's control of whether to give their ID to the client is really troubling.

Whitelisting would be optional. It is useful in an enterprise environment, where one application in an enterprise serves as the authentication provider for another trusted application. That being said, I've seen that done at the OpenID Connect layer on top of OAuth 2.0 for the openid scope, not in general. I'd be interested in a Security perspective. @Reedy?

In an enterprise situation that makes sense. I think it's a problem for public sites like WMF sites.

In an enterprise situation that makes sense. I think it's a problem for public sites like WMF sites.

Of course, MediaWiki is also used by other people than WMF sites...

Of course, MediaWiki is also used by other people than WMF sites...

I should have been clearer. "I didn't think of the enterprise application. Whitelisting client apps seems like something that would be very rarely done for public sites, if ever. I don't know enough about OpenID Connect in enterprise application workflows to comment."

I updated the task description for clarity.

We will not be implementing this feature at this time.

Change 539116 abandoned by ItSpiderman:
Admin whitelists client

Reason:
Intergrated into OAuth extension

https://gerrit.wikimedia.org/r/539116