Page MenuHomePhabricator

Phabricator should reuse confirmed MediaWiki email during registration
Open, LowPublicFeature

Description

When you register on Phabricator using MediaWiki OAuth, it will prompt you for an email address, then send you through an email verification process, even though MediaWiki provides it with an already verified email address. That's a crappy user experience. (It's extra crappy when it happens during Phabricator's own OAuth process, such as in the case of a https://discuss-space.wmflabs.org login-registration, since during email verification Phabricator completely abandons the original action that caused it to prompt the user to register, so the Discourse registration process gets restarted.)

Event Timeline

during email verification Phabricator completely abandons the original action that caused it to prompt the user to register, so the Discourse registration process gets restarted

To be a little clearer, this is how it should work:

  1. user clicks on "register" in Discourse (discuss-space)
  2. user is sent to Phab for OAuth authorization
  3. user is not logged in, Phab shows "login" screen (ie. mediawiki.org SUL login button)
  4. user clicks button
  5. user is sent to mediawiki.org for the OAuth authorization (for Phab app)
  6. user accepts authorization dialog
  7. Phab copies verified mediawiki.org email address
  8. user is sent back to Phab
  9. Phab shows its own OAuth authorization dialog (for Discourse app)
  10. user accepts
  11. user is sent back to Discourse and logged in

In actual reality, step 7 doesn't happen, and instead of step 9 Phab asks the user to provide an email address, then sends a verification email, then (after verification) doesn't send him anywhere.

Aklapper moved this task from To Triage to Needs code (in Phab or bot) on the Phabricator board.
Aklapper changed the subtype of this task from "Task" to "Feature Request".Jan 4 2024, 10:17 PM

Phab copies verified mediawiki.org email address

Does MediaWiki allow accessing a user's email address and/or OAuth allow passing the email address?

Consumers with either the mwoauth-authonlyprivate or the privateinfo grant can use the OAuth profile endpoint to get the email address. (Consumers with privateinfo can also just use the API, e.g. userinfo.)