
OAuth should respect the bot flag of an account when making edits
Closed, Declined
Public

Description

If a user is flagged as a bot and makes edits via OAuth, those edits are not tagged as bot edits. As the bot flag is an account-level setting, all actions that account takes should be tagged as bot edits, including OAuth edits.


Version: unspecified
Severity: normal

Details

Reference
bz65494

Event Timeline

bzimport raised the priority of this task from to Needs Triage. Nov 22 2014, 3:23 AM
bzimport set Reference to bz65494.
bzimport added a subscriber: Unknown Object (MLST).

The bot flag is a per-edit setting, at least when doing edits over api.php[1]; the client using OAuth has to set the bot= param to force the bot flag to be set. When a user is in the bot user group, he is able to mark edits as bot, but it is not the default.

[1] http://en.wikipedia.org/w/api.php?modules=edit
...
bot - Mark this edit as bot
...

The bot flag hasn't worked that way for a long time now, at least for edits. API edits have to include the "bot" parameter for the edit to be flagged; old screen-scraping edits via index.php worked the opposite way, but I really hope no one is doing *that* anymore.

I just tested this locally and it worked fine for an API edit. Note that the account making the edit needs to have the 'bot' flag and the OAuth grants must include "High-volume editing".

(In reply to Brad Jorsch from comment #2)

> I just tested this locally and it worked fine for an API edit. Note that the
> account making the edit needs to have the 'bot' flag and the OAuth grants
> must include "High-volume editing".

As far as your average user/administrator on-wiki is concerned, bot flags are an either-or; either an account is a bot and all the edits it makes are bot actions, or an account isn't a bot and none of the edits it makes are bot edits. The interface reinforces this; a bot flag is an account-level setting in Special:UserRights, rather than an edit-level setting. That the API allows that edit-level granularity is irrelevant in terms of user experience; the user doesn't use the API.

So we've got two choices.

  1. Make OAuth integrate better with the model we have for bot flags.
  2. Change the model of bot flags by changing the MediaWiki interface to make it clearer that it's an edit-level setting rather than an account-level setting.

I much prefer the former, because it's a lot less work from all three perspectives (engineering, design and product).

Except it *is* an edit-level setting. I don't really know what the "average user/administrator on-wiki" might think, but the fact that I don't recall ever seeing anyone complaining about the existing behavior and that bug 16349 doesn't have a huge list of duplicates argues against it.

Your option 1 has nothing to do with OAuth, but does have to do with changing behavior that has existed since the edit API was added and is relied upon to the point of being mentioned at [[en:WP:BOTFLAG]] to explain why some really old bots aren't flagged as such.

While it might seem like a lot less work, I'd think it would also be a "torches and pitchforks" change.

(In reply to Brad Jorsch from comment #4)

> Except it *is* an edit-level setting. I don't really know what the "average
> user/administrator on-wiki" might think, but the fact that I don't recall
> ever seeing anyone complaining about the existing behavior and that bug
> 16349 doesn't have a huge list of duplicates argues against it.

It is an edit-level setting in the API. It's not an edit-level setting in the user interface, which is my entire point.

It's clear we're talking right past each other though, so I give up trying to explain.

(In reply to Dan Garry from comment #5)

> It is an edit-level setting in the API. It's not an edit-level setting in
> the user interface, which is my entire point.

I don't know about that. On Special:Watchlist and Special:RecentChanges the little 'b' shows up next to the 'm' for minor edits, rather than being next to the username. And on enwiki at least, it's not too uncommon to find accounts with bot names (e.g. "ClueBot NG") making edits that show up without the 'b'.

Although the wording of the toggle as "Show bots" rather than "Show bot edits" does go towards your point, as does the tooltip for the 'b' ("This edit was performed by a bot").

The wording of the bot right, "Be treated as an automated process", doesn't really go either way IMO, nor do the rest of the rights-granting related areas. Things here could as easily be meaning "edits are flagged as 'bot'" or "can flag edits as 'bot'", as far as that goes. Although the existence and description of the "markbotedits" right does hint that edits are individually flagged rather than all edits made by a user.

I don't see anywhere else that the bot right or the bot flag show up in core in a quick search.

Some of the confusion in all this is likely due to the fact that the bot user right originally did force all edits to be flagged as bot. But it turned out that not all edits by a "bot" account should be hidden from Special:RecentChanges, leading to various bots not being given the bot right so their edits wouldn't be hidden. Then the functionality was changed so the bot right gave permission to flag edits rather than forcing the flagging of edits.

What parts of the interface would you change besides the default text of MediaWiki:rcshowhidebots and MediaWiki:recentchanges-label-bot?

I think I agree with Brad that creating a difference between edits made via the api, and edits made via the api that just happen to use OAuth for authentication (instead of a session/token) is a little artificial.

Moving the bot right to basic rights so that tools that use OAuth don't have to explicitly ask for it... maybe? Although I think if my account had a bot right, I'd want the ability to revoke that from an OAuth app separately from other rights (how we coded it currently).

Ftr, this was spawned from bug 64829.

(In reply to Chris Steipp from comment #7)

> I think I agree with Brad that creating a difference between edits made via
> the api, and edits made via the api that just happen to use OAuth for
> authentication (instead of a session/token) is a little artificial.

The real problem, it seems, is that *all* edits made through the editing interface on a bot account (i.e. all edits made by a human) are tagged as bot edits. That created for me, the end user, an expectation that all edits made on a bot account are bot edits. I don't understand the user story for this behaviour at all. I'll raise this issue on wikitech-l, because it's outside the scope of this bug (and outside the scope of OAuth, actually).