Page MenuHomePhabricator

Special:OAuth doesn't provide a grant to access to private info of users
Closed, ResolvedPublic

Description

Currently, https://www.mediawiki.org/wiki/Special:OAuth/grants#useoauth , doesn't provide any special grant for accessing user's private info such as real name and email address, kindly fix it so that grant can be used. So uiprops = 'realname|email' are not working.

This bug is a major blocker in my GSoC 2014 project of Wikidata Annotation Tool


Version: unspecified
Severity: normal

Details

Reference
bz66493

Event Timeline

bzimport raised the priority of this task from to Normal.Nov 22 2014, 3:19 AM
bzimport set Reference to bz66493.
Apsdehal created this task.Jun 11 2014, 7:23 PM

OAuth doesn't have a grant for 'viewmyprivateinfo'.

It seems like we should make this a separate grant, since most consumers really shouldn't have access to PII.

Bikeshed on grant name, or bundling this with an existing grant?

Separate grant sounds good to me.

Change 139042 had a related patch set uploaded by CSteipp:
Add grant for access to private information

https://gerrit.wikimedia.org/r/139042

Ricordisamoa added a subscriber: Ricordisamoa.
Tgr added a subscriber: Tgr.Jun 23 2015, 1:09 AM

We now have an authonlyprivate grant / special mode. Is this resolved? (I guess no since that still does not allow consumers to get private data and also do actions in the name of the user.)

In T68493#1390528, @Tgr wrote:

(I guess no since that still does not allow consumers to get private data and also do actions in the name of the user.)

IMO you guess correctly.

https://gerrit.wikimedia.org/r/139042 is what we need to do, although Chris mentioned there that it should be blocked on T64686 and T64687.

IMO you guess correctly.
https://gerrit.wikimedia.org/r/139042 is what we need to do, although Chris mentioned there that it should be blocked on T64686 and T64687.

Yes, I think addressing those first is the right thing to do.

Change 139042 restored by Dpatrick:
Add grant for access to private information

Reason:
Restoring

https://gerrit.wikimedia.org/r/139042

@Tgr I'm not sure how to approach this, given the changes made in 49156df6f8067faa979fe4c102385231dea3fade. Can you take a look?

Anomie added a comment.Aug 7 2016, 9:10 PM

The equivalent would be:

Change 303720 had a related patch set uploaded (by Dpatrick):
Add grant for access to private information

https://gerrit.wikimedia.org/r/303720

The equivalent would be:

Ah. Thanks @Anomie.

Change 303720 merged by jenkins-bot:
Add grant for access to private information

https://gerrit.wikimedia.org/r/303720

Anomie closed this task as Resolved.Aug 15 2016, 8:46 PM