To support the API Portal, the OAuth extension will include a set of REST endpoint that allow the Portal to create, list, and reset secrets for OAuth clients. The purpose of this task is to address the issue of access to these endpoint from the public internet.
To do:
- Discuss whether it is an issue that these endpoints are exposed to the public internet
- Investigate ways to address this issue
- Prioritize the implementation effort in relation to the API Portal implementation plan
- Implement the solution
Background:
The OAuth extension, as configured on meta.wikimedia.org, requires that a user be logged in with a valid Wikimedia account to use the endpoints.