Per @Lucas_Werkmeister_WMDE , changes are necessary to wikibase/init.js that looks the config and adds the linke to the #right-navbar if the config says the links should exist (gui repo). In our case, if the instance is configured for SDoC, link (and probably user name) should be there.

Hm, if you want to show the current user name, then you may need to add the WCQS GUI domain to the CORS whitelist. (Note that query.wikidata.org is not on the whitelist, compare T218568.) Unless the authorization proxy leaves the user name somewhere where the on-page JS can get it from without making an API request to Commons… maybe in a cookie?

I don't think showing the current user name is critical at least for MVP.

Change 612680 had a related patch set uploaded (by Mstyles; owner: Mstyles):
[wikidata/query/gui@master] add logout link for wcqs

https://gerrit.wikimedia.org/r/612680

Change 612681 had a related patch set uploaded (by Mstyles; owner: Mstyles):
[operations/puppet@production] add logout config for wcqs

https://gerrit.wikimedia.org/r/612681

Because of the limitations of the cross-domain authorization, clicking on this link should also remove a session cookie for wcqs (wcqsSession), before linking to logout page. This can be don with js (I'll soon upload relevant change to cookie creation - currently it cannot be manipulated by js code).

Would it also be possible to make the GUI link to a special path on the WCQS proxy instead of Commons’ logout page, and then the WCQS proxy unsets the cookie before redirecting to Commons? I’m uneasy with making the cookie available to JavaScript.

Right! That's a far better option and should be easily doable.

Sounds great, thanks :)

Change 612680 merged by jenkins-bot:
[wikidata/query/gui@master] add logout link for wcqs

https://gerrit.wikimedia.org/r/612680

Change 612681 merged by Gehel:
[operations/puppet@production] add logout config for wcqs

https://gerrit.wikimedia.org/r/612681