One of the problem we are facing with the current WDQS SPARQL endpoint is that it is functionally similar to exposing a raw SQL endpoint to the whole internet. We would never do that with SQL. For SQL we instead provide read-only replicas, which are restricted to WMCS. We need something similar, where we can have a little bit more control over what is accessing this new SPARQL endpoint, with the ability to contact abusive bots / users and block them selectively (as a last resort) when needed and the ability to better understand which use cases are. We want this authentication layer to be as light and as unobtrusive as possible. We're likely to iterate on what the best option is here.
Description
Details
Event Timeline
Change 605922 had a related patch set uploaded (by ZPapierski; owner: ZPapierski):
[wikidata/query/rdf@master] OAuth Proxy for MediaWiki oauth plugin
Change 608633 had a related patch set uploaded (by ZPapierski; owner: ZPapierski):
[operations/puppet@production] Configuration code for oauth proxy
Change 608824 had a related patch set uploaded (by ZPapierski; owner: ZPapierski):
[operations/puppet@production] Handle oauth proxy settings
Change 608905 had a related patch set uploaded (by ZPapierski; owner: ZPapierski):
[operations/puppet@production] Authenticate with MW oauth 1.0a for WCQS
Change 608824 abandoned by ZPapierski:
Handle oauth proxy settings
Reason:
Duplicated by:https://gerrit.wikimedia.org/r/c/operations/puppet/ /608633
Change 605922 merged by jenkins-bot:
[wikidata/query/rdf@master] OAuth Proxy for MediaWiki oauth plugin
https://gerrit.wikimedia.org/r/c/wikidata/query/rdf/ /605922
Change 608633 merged by Ryan Kemper:
[operations/puppet@production] Handle oauth proxy settings
Change 608905 merged by Ryan Kemper:
[operations/puppet@production] Authenticate with MW oauth 1.0a for WCQS
Change 609775 had a related patch set uploaded (by ZPapierski; owner: ZPapierski):
[wikidata/query/rdf@master] Handle session with wcqs token
Change 609775 merged by jenkins-bot:
[wikidata/query/rdf@master] Handle session with wcqs token
Change 609909 had a related patch set uploaded (by ZPapierski; owner: ZPapierski):
[operations/puppet@production] Correct url and path for nginx OAuth 1.0a
Change 613127 had a related patch set uploaded (by ZPapierski; owner: ZPapierski):
[wikidata/query/rdf@master] Set max session cookie age and allow to be deleted
Change 613186 had a related patch set uploaded (by ZPapierski; owner: ZPapierski):
[operations/puppet@production] Add logout location
Change 613127 merged by jenkins-bot:
[wikidata/query/rdf@master] Set max session cookie age and allow to be deleted
Change 609909 merged by Gehel:
[operations/puppet@production] Correct url and path for nginx OAuth 1.0a