Page MenuHomePhabricator

Login screen shown during the OAuth authorization process should have an explanatory message on it
Closed, ResolvedPublic

Description

The MediaWiki OAuth extension allows a MediaWiki wiki to act as an OAuth provider, which can be used by third-party websites to use that wiki for identifying users: the user is sent to the wiki, where they can grant permission to the third-party website through a confirmation dialog to read their identity.

If a user is sent to the confirmation page but they are not logged into the wiki, they are redirected to the wiki's login page, and then back to the confirmation dialog. This might be confusing - users might not understand why they need to login to a completely different site then where they originally were.

This task is about adding an informational message to the wiki login page, which shortly explains why the user needs to log in here. This can be done by implementing the LoginFormValidErrorMessages hook in the OAuth extension.

Extension repository: https://gerrit.wikimedia.org/g/mediawiki/extensions/OAuth

Learn more about Git, Gerrit and how to submit a patch: https://www.mediawiki.org/wiki/Gerrit/Tutorial

Event Timeline

Tgr created this task.Oct 16 2019, 10:34 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 16 2019, 10:34 AM
TheDJ added a subscriber: TheDJ.Oct 16 2019, 11:37 AM
Tgr added a comment.Oct 22 2019, 4:17 PM

If someone wants to take a shot at this, LoginHelper and the LoginFormValidErrorMessages hook are probably the place to look at.

Florian updated the task description. (Show Details)Nov 2 2019, 6:08 PM
Florian added a subscriber: Florian.Nov 2 2019, 6:13 PM

I added a screenshot of how the screen looks at the moment :)

I'm not sure what is expected here, something like the following?

"dashboard.wikiedu.org would like to use your Wikipedia account to log you into their site. Please read the requested permissions carefully and confirm that you want to give that application access to your account."??

Tgr added a comment.Nov 3 2019, 4:03 AM

No, the task is about showing a message on the login screen if the user needs to log in to get access to the authorization dialog.

Awesome! Thanks for the clarification :)

Florian updated the task description. (Show Details)Nov 3 2019, 8:48 PM
Qgil awarded a token.Nov 3 2019, 9:11 PM
Jony added a subscriber: Jony.Nov 4 2019, 2:55 AM
srishakatux updated the task description. (Show Details)Feb 12 2020, 9:36 PM
srishakatux added a subscriber: srishakatux.

(replaced the task description with that used in the GCI task as it was slightly more easy to follow)

Tgr updated the task description. (Show Details)Feb 12 2020, 9:54 PM

Change 572360 had a related patch set uploaded (by Ammarpad; owner: Ammarpad):
[mediawiki/extensions/OAuth@master] Show help message atop SpecialLogin when a user is redirected there

https://gerrit.wikimedia.org/r/572360

Ammarpad claimed this task.Feb 16 2020, 4:49 PM

Change 572360 merged by jenkins-bot:
[mediawiki/extensions/OAuth@master] Show help message atop SpecialLogin when a user is redirected there

https://gerrit.wikimedia.org/r/572360

Tgr closed this task as Resolved.Feb 17 2020, 11:07 PM

Thanks @Ammarpad!