Page MenuHomePhabricator

OAuth consumer metadata is too limited
Open, HighPublic

Description

It's great that each action performed by an OAuth consumer is tagged as such. It would also be nice if the consumer description page was a bit more user-friendly. As an example:

https://commons.wikimedia.org/wiki/Special:OAuthListConsumers/view/90b858d7d1179a1b4eee89956e735e80

What I'm missing on this page:

The callback link in this case is identical to the tool link, but it doesn't have to be. So I'd recommend including the following in the consumer metadata:

  • author URL (username URL or website)
  • tool description / usage instructions URL
  • tool URL
  • bug reports / feedback URL
  • source code URL

Once we have a bit more metadata, we can clean the special page up and make it less technical and more understandable, since we can reasonably expect users to visit these pages from the Tag: links in recent-changes/contributions.

I understand that consumers may not have all required information by the time they're requesting a token, and in some cases, not all of it will be applicable or required. So all of the above could be optional, and supplied later.


Version: unspecified
Severity: enhancement

Details

Reference
bz58193

Event Timeline

bzimport raised the priority of this task from to Normal.Nov 22 2014, 2:32 AM
bzimport set Reference to bz58193.
bzimport added a subscriber: Unknown Object (MLST).
Eloquence created this task.Dec 9 2013, 3:17 AM

Side note - it may be useful to consider a restricted namespace for OAuth consumer metadata, using ContentHandler, similar to Zero:, Campaign:, Schema:. Perhaps even integrating with the metadata that feeds into http://tools.wmflabs.org/ for a Tool: namespace, since there's likely to be a fair bit of duplication. If something like that sounds like a good idea, it may be worth a separate bug to track. CCing Yuvi (who implemented Campaign:) & Marc-Andre for this reason.

Hi Erik,

This is a slightly more general request of bug 56946, which was from the feedback from Jared/UX.

I think the discussion on that bug, and your notes here bring up a decision about how much flexibility we want to give the developers vs. enforcing a standard set of metadata / page naming / page design. I'll ping Dan on that.

I'll leave a note here since I was thinking about filing a similar bug. When I'm looking at the list of connected apps the information on what is actually connected is very limited. My immediate question was "who is this non-linked 'jalexander' dude who runs this tool?

While obviously my username is global we do not, yet (and god knows when that will complete ;) ), have fully unified accounts for everyone and so it is in theory possible someone with a local account (where someone else owns the global account of that name) could propose a consumer. In that case someone looking at the connected list would have no idea which user it was.

Deskana removed a subscriber: Deskana.Jun 23 2015, 4:36 PM
Tgr added a subscriber: Tgr.Jun 23 2015, 7:50 PM

Free-form linking is T57705.

Tgr raised the priority of this task from Normal to High.Mar 7 2017, 4:59 AM
Tgr added a subscriber: Harej.May 1 2018, 3:03 PM

Side note - it may be useful to consider a restricted namespace for OAuth consumer metadata, using ContentHandler, similar to Zero:, Campaign:, Schema:.

The task for that is T109156: Investigate converting OAuth to use ContentHandler.

Perhaps even integrating with the metadata that feeds into http://tools.wmflabs.org/ for a Tool: namespace, since there's likely to be a fair bit of duplication.

I've been wondering about the same thing recently. @Harej any thoughts how Toolhub and the OAuth management interface would interact? My original plan (which I haven't been able to work on for a long time) was T109156 - create a dedicated form with fields like description and URL for OAuth consumers, and use ContentHandler to display the information as a wiki page; but most (although not all) OAuth consumers are for Toolforge / Cloud VPS tools, and ToolHub covers largely the same functionality for those. So some kind of interoperability would be nice.

Restricted Application added a subscriber: Danmichaelo. · View Herald TranscriptMay 1 2018, 3:03 PM
Harej added a comment.May 1 2018, 4:10 PM

I don't have any short or medium term plans around integrating with OAuth metadata at the moment, but it is an interesting idea. I think I would want to first know how metadata in OAuth is handled and how it could be integrated into Toolhub tool record generation.

Tgr added a comment.May 1 2018, 4:22 PM

Right now there isn't much OAuth tool metadata to speak of (tool name, plaintext tool description, tool author name) but that needs to be changed as it results in a very poor user experience.