Page MenuHomePhabricator

Using OAuth will prevent sysop-level functionalities
Open, NormalPublicBUG REPORT


While investigating T229293 I learned that we have hard-coded into that if the user is using OAuth then sysop accounts should not be allowed.

Apparently, this is because with OAuth you only specify a consumer token pair and an access token pair, but you do not explicitly specify a username, so Pywikibot has no way to know which user account it is operating under (and, I am guessing, it also does not have a way to know which rights that user holds).

However, it does not make sense to me at all. If it is truly impossible for pywikibot to know which account it is associated with, then we should add a "whoami" feature to MW API so that bots logged in using OAuth can re-identify themselves. More importantly, why should Pywikibot know which user it is operating? All it should care for is which rights the user has and which groups the user is in, and again, these should be available through the API.

Event Timeline

Huji created this task.Thu, Aug 22, 1:25 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptThu, Aug 22, 1:25 AM
Huji triaged this task as Normal priority.Thu, Aug 22, 1:25 AM
Huji changed the subtype of this task from "Task" to "Bug Report".