Page MenuHomePhabricator

Make the terminology of OAuth UI and documentation easy to understand
Open, Needs TriagePublic

Description

We should research what terminology other large sites use and adapt to that. Currently we use some technical terms which are confusing to even most developers, and we mix multiple terms for the same thing or use the same term for multiple things.

Particular pain points:

  • consumer / app / client - "consumer" is OAuth 1.0 terminology and not widely known, we started with that and still use it in most places; "client" matches the OAuth 2.0 terminology and is reasonably intuitive, we use it in some OAuth 2 specific code / documentation; "app" is arguably the most intuitive, we use it in some end-user-facing UI/docs.
  • id / token / key / secret - ID might refer to the client key but also to the internal database ID which leaks to the UI in some cases; token can refer to either the key or the key+secret pair in OAuth 1 (in OAuth 2 there is only a single token).