Page MenuHomePhabricator
Create Task
Maniphest T68493

Special:OAuth doesn't provide a grant to access to private info of users
Closed, ResolvedPublic
Actions

Description

Currently, https://www.mediawiki.org/wiki/Special:OAuth/grants#useoauth , doesn't provide any special grant for accessing user's private info such as real name and email address, kindly fix it so that grant can be used. So uiprops = 'realname|email' are not working.

This bug is a major blocker in my GSoC 2014 project of Wikidata Annotation Tool

Version: unspecified
Severity: normal

Details

Reference
bz66493
SubjectRepoBranchLines +/-
Add grant for access to private informationmediawiki/coremaster+9 -1
Customize query in gerrit

Related Objects
Search...

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 22 2014, 3:19 AM
bzimport added a project: MediaWiki-extensions-OAuth.
bzimport set Reference to bz66493.
Apsdehal created this task.Jun 11 2014, 7:23 PM
csteipp added a comment.Jun 11 2014, 7:26 PM

OAuth doesn't have a grant for 'viewmyprivateinfo'.

It seems like we should make this a separate grant, since most consumers really shouldn't have access to PII.

Bikeshed on grant name, or bundling this with an existing grant?

Anomie added a comment.Jun 11 2014, 8:01 PM

Separate grant sounds good to me.

gerritbot added a comment.Jun 12 2014, 12:26 AM

Change 139042 had a related patch set uploaded by CSteipp:
Add grant for access to private information

https://gerrit.wikimedia.org/r/139042

csteipp added a parent task: T86869: Support a nice sso experience with MediaWiki's OAuth.Jan 22 2015, 10:53 PM
Ricordisamoa awarded a token.Feb 11 2015, 2:06 PM
Ricordisamoa subscribed.
bd808 added subtasks: T64686: Replace link to WMF privacy policy with link to app's privacy policy on OAuth authorize dialog, T64687: Add warning for user on /authorize about privacy policy.Feb 25 2015, 10:53 PM
Deskana moved this task from Backlog to Needs Review on the MediaWiki-extensions-OAuth board.Mar 6 2015, 10:36 PM
bd808 moved this task from Needs Review to Consumer wants on the MediaWiki-extensions-OAuth board.Mar 6 2015, 10:36 PM
bd808 added a project: Reading-Infrastructure-Team-Old (Don't use).Mar 30 2015, 7:42 PM
bd808 moved this task from Backlog to Needs Review/Feedback on the Reading-Infrastructure-Team-Old (Don't use) board.
bd808 subscribed.
Tgr removed a subtask: T64687: Add warning for user on /authorize about privacy policy.Jun 23 2015, 12:12 AM
Tgr subscribed.Jun 23 2015, 1:09 AM

We now have an authonlyprivate grant / special mode. Is this resolved? (I guess no since that still does not allow consumers to get private data and also do actions in the name of the user.)

Anomie added a comment.Jun 29 2015, 8:06 PM
In T68493#1390528, @Tgr wrote:

(I guess no since that still does not allow consumers to get private data and also do actions in the name of the user.)

IMO you guess correctly.

https://gerrit.wikimedia.org/r/139042 is what we need to do, although Chris mentioned there that it should be blocked on T64686 and T64687.

csteipp added a comment.Jun 29 2015, 8:33 PM

IMO you guess correctly.

https://gerrit.wikimedia.org/r/139042 is what we need to do, although Chris mentioned there that it should be blocked on T64686 and T64687.

Yes, I think addressing those first is the right thing to do.

Tgr mentioned this in T98843: Store a link to app's privacy policy in OAuth consumer registration form.Jun 29 2015, 9:00 PM
dpatrick subscribed.Jul 15 2016, 2:59 AM
gerritbot subscribed.Jul 15 2016, 3:03 AM

Change 139042 restored by Dpatrick:
Add grant for access to private information

Reason:
Restoring

https://gerrit.wikimedia.org/r/139042

dpatrick claimed this task.Jul 15 2016, 3:07 AM
dpatrick added a comment.Aug 5 2016, 11:49 PM

@Tgr I'm not sure how to approach this, given the changes made in 49156df6f8067faa979fe4c102385231dea3fade. Can you take a look?

Anomie added a comment.Aug 7 2016, 9:10 PM

The equivalent would be:

gerritbot added a comment.Aug 9 2016, 12:02 AM

Change 303720 had a related patch set uploaded (by Dpatrick):
Add grant for access to private information

https://gerrit.wikimedia.org/r/303720

dpatrick added a comment.Aug 9 2016, 12:03 AM
In T68493#2531724, @Anomie wrote:

The equivalent would be:

Ah. Thanks @Anomie.

gerritbot added a comment.Aug 15 2016, 8:25 PM

Change 303720 merged by jenkins-bot:
Add grant for access to private information

https://gerrit.wikimedia.org/r/303720

Anomie closed this task as Resolved.Aug 15 2016, 8:46 PM
ReleaseTaggerBot added projects: MW-1.28-release-notes, MW-1.28-release (WMF-deploy-2016-08-16_(1.28.0-wmf.15)).Aug 15 2016, 9:00 PM
Aklapper removed subscribers: dpatrick, Anomie.Oct 16 2020, 5:42 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL