Page MenuHomePhabricator
Create Task
Maniphest T307596

User documentation for authentication on WCQS
Closed, ResolvedPublic5 Estimated Story Points
Actions

Description

As a user of WCQS, I need to understand how to integrate with the current authentication scheme on WCQS.

The current authentication is reasonable to understand as a simple user. For more advance use cases, like programmatic access or embedding, the process is convoluted and documentation is needed.

Related Objects

Event Timeline

Gehel created this task.May 4 2022, 3:46 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 4 2022, 3:46 PM
Maintenance_bot added a project: Wikidata.May 4 2022, 4:30 PM
Dominicbm added subscribers: Zbyszko, Dominicbm.May 4 2022, 7:11 PM

I looked into this more and found a breadcrumb here: https://commons.wikimedia.org/wiki/Commons:SPARQL_query_service#API_endpoint

That lead me to a year-old SO comment from @Zbyszko, but aside from being so old it's using the wmflabs.org URL, the method doesn't quite work. However, by looking at the request headers in the browser, I realized if you use Zbyszko's approach but send "cookie": "wcqsSession=<token>", this works. So here is a working example:

https://public.paws.wmcloud.org/User:Dominic/WCQS%20API%20access.ipynb

I realize my token is exposed publicly there, but since you can only use it for queries in the WCQS anyway, and it will expire in a bit, it seems fine.

Some other questions I would like to see still in documentation:

  1. How to generate the wcqsSession token? Even if it's a different call to MWAPI, can I do it via API calls?
  2. If you must be logged in via browser because the user needs to click the "allow" button, can a URL be generated that can open the authorization popup on Commons in one click, or must the user load WCQS and then allow it to redirect them to the permission screen?
  3. What is the expected expiry period for the session token? I haven't seen it in a while in the browser, is it based on time since recent activity rather than a set amount?
  4. Is the wcqsSession token destroyed if a user logs out of their Wikimedia account?
  5. Since user is authenticated and can be tracked, are there rate limits or other controls? (Trying to determine if we built this into a public web app where many users could be querying WCQS concurrently form the same token, would they hit limits?)
Dominicbm added a comment.May 5 2022, 3:11 PM

Also relevant to this task: most of the code samples provided in WCQS for a query (the button next to "download", "link") will not work without authentication, so this code needs to be updated or clarified in accompanying text.

MPhamWMF moved this task from Incoming to Current work on the Wikidata-Query-Service board.May 9 2022, 3:42 PM
MPhamWMF added a project: Discovery-Search (Current work).
MPhamWMF set the point value for this task to 5.May 9 2022, 4:00 PM
MPhamWMF moved this task from Incoming to Ready for Dev -- SWE on the Discovery-Search (Current work) board.
GFontenelle_WMF subscribed.May 9 2022, 6:05 PM
EBernhardson subscribed.EditedAug 23 2022, 11:31 PM

I still can't see it worthwhile to document the existing workflow. It's so convoluted that I suspect anyone that's willing to follow it would simply monitor the connections in their web browsers development inspector and recreate what they see without any explicit documentation required.

Instead in T306899 i've reworked the re-authentication flow to use a second cookie that will allow the documentation to be written in a sane manner. Technically the old method still exists, but it becomes the fallback to the fallback, instead of the first line of re-authentication.

EBernhardson claimed this task.Sep 6 2022, 9:42 PM
EBernhardson moved this task from Ready for Dev -- SWE to In Progress on the Discovery-Search (Current work) board.
EBernhardson added a comment.Sep 12 2022, 6:22 PM

Proposed documentation: P34534

I'm intending to update the wiki page after WCQS deployment and re-verifying the updates work as expected.

EBernhardson moved this task from In Progress to Needs review on the Discovery-Search (Current work) board.Sep 12 2022, 6:22 PM
EBernhardson moved this task from Needs review to Needs Reporting on the Discovery-Search (Current work) board.Sep 13 2022, 4:48 PM
Gehel added a comment.Sep 16 2022, 2:50 PM

Documentation is published on https://commons.wikimedia.org/wiki/Commons:SPARQL_query_service/API_endpoint

Gehel closed this task as Resolved.Sep 26 2022, 10:23 AM

Documentation has been advertised on the Wikidata & Commons mailing list, we can now close this.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits