When you register on Phabricator using MediaWiki OAuth, it will prompt you for an email address, then send you through an email verification process, even though MediaWiki provides it with an already verified email address. That's a crappy user experience. (It's extra crappy when it happens during Phabricator's own OAuth process, such as in the case of a https://discuss-space.wmflabs.org login-registration, since during email verification Phabricator completely abandons the original action that caused it to prompt the user to register, so the Discourse registration process gets restarted.)
Description
Event Timeline
during email verification Phabricator completely abandons the original action that caused it to prompt the user to register, so the Discourse registration process gets restarted
To be a little clearer, this is how it should work:
- user clicks on "register" in Discourse (discuss-space)
- user is sent to Phab for OAuth authorization
- user is not logged in, Phab shows "login" screen (ie. mediawiki.org SUL login button)
- user clicks button
- user is sent to mediawiki.org for the OAuth authorization (for Phab app)
- user accepts authorization dialog
- Phab copies verified mediawiki.org email address
- user is sent back to Phab
- Phab shows its own OAuth authorization dialog (for Discourse app)
- user accepts
- user is sent back to Discourse and logged in
In actual reality, step 7 doesn't happen, and instead of step 9 Phab asks the user to provide an email address, then sends a verification email, then (after verification) doesn't send him anywhere.
Phab copies verified mediawiki.org email address
Does MediaWiki allow accessing a user's email address and/or OAuth allow passing the email address?
Consumers with either the mwoauth-authonlyprivate or the privateinfo grant can use the OAuth profile endpoint to get the email address. (Consumers with privateinfo can also just use the API, e.g. userinfo.)