Page MenuHomePhabricator

Allow a user to disable an OAuth client
Open, Needs TriagePublic

Description

Background

The OAuth extension includes an admin-only feature to disable a client. Currently, a user can request that their client be disabled through a request to Steward_requests/Miscellaneous on Meta.

To do

To support the API Portal, add a REST endpoint to the OAuth extension that allows a user to disable their own OAuth client.

Event Timeline

apaskulin created this task.Jun 1 2020, 7:37 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 1 2020, 7:38 PM
BPirkle added a subscriber: Tgr.Jun 1 2020, 9:45 PM

I don't have any technical objection to this task. If there are (or were) policy/social reasons why we didn't allow this in the first place on metawiki, I don't know what they are (or were).

I do note that (unless we also make corresponding changes to metawiki), this would introduce a precedent for OAuth client management features being available only on the API Portal. I don't object to that either, I just want to make sure we're doing that intentionally and with awareness.

Adding @Tgr in case he has relevant historical knowledge.