Page MenuHomePhabricator
Create Task
Maniphest T68978

OAuth: Dialog for granting an app permission should clarify or link to what "basic rights" are
Closed, DuplicatePublic
Actions

Description

When an application requests the ability to edit on my behalf there is an unordered list with the rights.

But when an app requests basic rights there is only a plain text message saying app "X" requests basic rights. I have no idea what that means. As a developer I'm hoping that means reading. As a user, I'd think "basic" includes editing as well, and I really don't want to grant certain apps that permission (e.g. the kind of tools that abuse OAuth as a way to do OpenID).

Digging back into overview of what these rights mean was hard. After granting access, I found the special page via the Preferences page, then "manage access" which listed "Basic rights" and had a linked list item to https://meta.wikimedia.org/wiki/Special:OAuth/grants#useoauth

That's where I finally found the information.

Version: unspecified
Severity: minor

Details

Reference
bz66978

Related Objects
Search...

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 22 2014, 3:32 AM
bzimport added projects: MediaWiki-extensions-OAuth, good first task.
bzimport set Reference to bz66978.
bzimport added a subscriber: Unknown Object (MLST).
Krinkle created this task.Jun 23 2014, 12:12 PM
csteipp added a comment.Jun 23 2014, 8:39 PM

We considered linking the individual grants to their Special:OAuth/grants entry, iirc UX didn't think it would be a good idea.

Jared, could you or someone on UX let us know if linking all of those would be problem?

Jaredzimmerman-WMF added a comment.Jun 23 2014, 8:44 PM

The rationale was that this option only shows when no other rights were requested in is only shown when an app wants to use Oauth as a means for account creation. Can someone link to a test app or screen shot of the case where "basic rights" is displayed.

csteipp added a comment.Jun 24 2014, 12:26 AM

Jared--https://tools.wmflabs.org/gerrit-patch-uploader/ and click on the "Log in using your mediawiki.org account" link at the top.

Jaredzimmerman-WMF added a comment.Jun 24 2014, 8:02 PM

Thanks Chris, I'd recommend we make "basic access" a link but not style it as such, no color change, no underline until hover. This way we can preserve the simple look for the majority of end users who are likely not to care and should be distracted to go read more about a rather technical issue.

bd808 mentioned this in T75062: OAuth permission screen needs redesign for better usability and comprehension.Mar 6 2015, 2:47 AM
bd808 added a parent task: T75062: OAuth permission screen needs redesign for better usability and comprehension.
bd808 moved this task from Backlog to UI/UX on the MediaWiki-extensions-OAuth board.Mar 6 2015, 10:13 PM
Deskana closed this task as a duplicate of T91825: Improve text of OAuth authorization dialog.Mar 6 2015, 10:19 PM
bd808 moved this task from UI/UX to Archive on the MediaWiki-extensions-OAuth board.Mar 6 2015, 10:24 PM
Jaredzimmerman-WMF set Security to None.Mar 6 2015, 10:49 PM
Jaredzimmerman-WMF added a subscriber: Nirzar.
Tgr added a subscriber: Tgr.Jun 29 2015, 11:52 PM

AIUI this was solved by introducing "basic access only" applications with a different dialog text.

Tgr removed a parent task: T75062: OAuth permission screen needs redesign for better usability and comprehension.Jun 30 2015, 12:01 AM
Tgr added a parent task: T91825: Improve text of OAuth authorization dialog.
Aklapper removed subscribers: Nirzar, Jaredzimmerman-WMF, Anomie, wikibugs-l-list.Oct 16 2020, 5:42 PM
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL