Page MenuHomePhabricator
Create Task
Maniphest T322649

Allow to disconnect a remote account
Open, Needs TriagePublic
Actions

Description

Context: after T283908, already-existing users can auto-link their remote account without haggling with a server administrator. This is really good.

Current situation: after an user connects a remote account, this is what they see from the preferences:

WSOAuth - preferences - remote account highlighted with green peppers.png (485×986 px, 101 KB)

Current missing feature: the user cannot de-link that remote account.

Use cases:

  • fix an accidental login from another remote account
  • delink an untrusted remote (e.g. Elon Musk bought your platform) - so you rely on local username-password or other remotes if supported
  • troubleshoot the platform - showing other people that it works (or not)
  • replay the login - for example because you really like T283908

Proposed solution: add a "Disconnect" button, allowing people to disconnect from the remote account.

Things to discuss: allowing to "Disconnect" a remote account may not be liked by everyone since this extension has many uses, sometime relying on only-remote login. So I propose to implement this feature, disable for everyone as default. Kind of:

$wgOAuthAllowDisconnect = false

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Allow users to disconnect a remotemediawiki/extensions/WSOAuthmaster+460 -80
Customize query in gerrit

Related Objects
Search...

Event Timeline

valerio.bozzolan created this task.Nov 8 2022, 4:19 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 8 2022, 4:19 PM
valerio.bozzolan updated the task description. (Show Details)Nov 8 2022, 4:20 PM
Xxmarijnw claimed this task.Apr 26 2023, 12:53 PM
Xxmarijnw added a comment.Jun 2 2023, 2:46 PM

Hi @valerio.bozzolan! I have implemented this. Please take a look to see if it meets your requirements: https://gerrit.wikimedia.org/r/c/mediawiki/extensions/WSOAuth/+/912282.

valerio.bozzolan awarded a token.Jun 5 2023, 6:51 AM
valerio.bozzolan added a comment.Jun 5 2023, 6:53 AM

Really a great news!

I hope it was not so complicated, but looking at your change I can just thank you for your efforts.

I can test it this Thursday in a serious way.

valerio.bozzolan added a comment.Jun 5 2023, 6:54 AM

Just for my early curiosity, do you have a screenshot?

valerio.bozzolan added a project: WMCH-Infrastructure.Jun 5 2023, 6:55 AM
valerio.bozzolan moved this task from Backlog to 🌚 Whatching 👀 on the WMCH-Infrastructure board.
Xxmarijnw added a comment.Jun 9 2023, 7:18 AM

Screenshot 2023-06-09 at 09.17.59.png (1×3 px, 255 KB)

Screenshot 2023-06-09 at 09.18.13.png (766×2 px, 168 KB)

Xxmarijnw added a comment.Jul 11 2023, 7:35 AM

@valerio.bozzolan Have you had time to look at this yet?

valerio.bozzolan added a comment.Jul 11 2023, 9:52 AM

Unfortunately with WMCH I was stuck with the compatibility matrix of WSOAuth and Pluggable-thing. Also with the lack of official time allocable on that.

I hope we can test these things faster for you in the future to allow a more creative area and faster review, since this is a great extension.

ValerioBoz-WMCH closed subtask T347091: Upgrade server wmch-members2 from buster (oldoldstable) to bullseye (oldstable) and Mediawiki package (from 1.31 to 1.35.2) as Resolved.Sep 29 2023, 1:20 PM
Aklapper removed Xxmarijnw as the assignee of this task.May 22 2025, 8:06 AM
Aklapper added a subscriber: Xxmarijnw.

The email address of @Xxmarijnw set in Wikimedia Phabricator bounces, thus unassigning.

valerio.bozzolan assigned this task to Xxmarijnw.May 22 2025, 8:40 AM

The user proposed a patch:

https://gerrit.wikimedia.org/r/c/mediawiki/extensions/WSOAuth/+/912282

All the glory so goes to @Xxmarijnw and somebody with knowledge of that codebase should review (I have not). Also I do not understand which combination of WSOAuth and Pluggable-thing we should have to test since I'm stupid, but this assign field is correct.

Xxmarijnw added a comment.Jun 4 2025, 7:14 PM

This helped me realize the e-mail I had assigned in Phabricator is very old, and no longer works :)

Oldiesmann subscribed.Jun 7 2025, 2:16 AM
Oldiesmann added a comment.Jun 7 2025, 2:20 AM

Is this going to be available soon? I am planning to submit the app for my wiki to Facebook soon and would like to allow users to disconnect their FB account.

gerritbot added a comment.Jun 9 2025, 10:45 AM

Change #912282 had a related patch set uploaded (by Aklapper; author: Xxmarijnw):

[mediawiki/extensions/WSOAuth@master] Allow users to disconnect a remote

https://gerrit.wikimedia.org/r/912282

gerritbot added a project: Patch-For-Review.Jun 9 2025, 10:45 AM
Aklapper edited projects, added Patch-Needs-Improvement; removed Patch-For-Review.Jun 9 2025, 10:46 AM

@Oldiesmann: Whenever someone volunteers to rework the available patch and once that patch got accepted

Danysan1 subscribed.Dec 1 2025, 8:46 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits