Use OAuth 2.0 With Client Developer's Authorization
Open, Needs TriagePublic
Actions

Assigned To

None

Authored By

	• eprodromou
	Oct 4 2019, 4:24 PM

Description

"As a Developer, I want to use a bearer token for the REST API that represents my organization, to identify requests made on behalf of my company."

This was originally about using client ID's for authorization. Per our discussions, we'd instead like to use a long-lived access token representing the client ID owner.

Related Objects
Search...

Status	Assigned	Task
Invalid	None	T229661 Core REST API in MediaWiki
Resolved	• eprodromou	T234665 Add OAuth 2.0 support to MediaWiki REST API
Open	None	T234666 Use OAuth 2.0 With Client Developer's Authorization

Event Timeline

• eprodromou created this task.Oct 4 2019, 4:24 PM

• eprodromou removed a subscriber: sbassett.Oct 4 2019, 6:50 PM

I'm not sure I understand this. As I said at T234677#5655125, the spec says the client ID should not be used for authorization.

In T234666#5655144, @tstarling wrote:

I'm not sure I understand this. As I said at T234677#5655125, the spec says the client ID should not be used for authorization.

Updated to be about an owner-authorized access token.

Client credentials work fine here.

CCicalese_WMF edited projects, added Core Platform Team Initiatives (MW REST API in PHP); removed Core Platform Team Initiatives (OAuth 2.0).Mar 18 2020, 9:45 PM

Aklapper removed EvanProdromou as the assignee of this task.May 25 2021, 8:39 PM

Aklapper added a subscriber: EvanProdromou.

Adding missing MediaWiki-REST-API code project tag as Core Platform Team Initiatives (MW REST API in PHP) team tag is archived and its parent Platform Engineering team does not exist anymore

Use OAuth 2.0 With Client Developer's AuthorizationOpen, Needs TriagePublicActions

Description

Related ObjectsSearch...

Event Timeline

Use OAuth 2.0 With Client Developer's Authorization
Open, Needs TriagePublic
Actions

Related Objects
Search...