A little more background: this resulted from an effort to try "Wikidata The Game" based on this blog post:

http://wikistrategies.net/wikidata-guest-post-tom-morris/#more-898

Via this link: http://tools.wmflabs.org/wikidata-game/

The issue is with reusing Widar for this game. Since Widar is used for many different tools, you must give it all of those rights when you approve it. So yes, the game would have the ability to delete pages, if an admin decides to play it. The appropriate thing to do would be to register and use another consumer, that requests fewer rights.

If there's another component to this bug, such as how the rights are displayed, or how you're able to access more information about what user rights you're granting when you give an OAuth consumer these rights, feel free to reopen this and clarify.

(In reply to Chris Steipp from comment #2)

So yes, the game would have the ability to delete pages, if an admin decides
to play it. The appropriate thing to do would be to register and use another
consumer, that requests fewer rights.

The game's "Merge items" mode can actually delete pages for you, if you're an admin and check an additional checkbox.

Maybe the dialog shouldn't list the rights that the user doesn't have anyway? (For example, I can confirm that "Delete pages, revisions, and log entries" is shown even if the user is not an admin, which is definitely confusing.)
Would that require us to invalidate the OAuth permissions when the user gets these rights, just in case?

I am glad to see there are some technical issues being surfaced, and I like Bartosz's suggestion, that the tool could be more closely tailored to discussing only the rights the user has. However, I think the bigger issue here is in the way that information is conveyed, rather than the factual accuracy of the information. There are many little issues, that add up to something that's confusing and off-putting to a less technical end-user. I will quote the message's text, with commentary, below:

Hi Martha,
Widar would like to do the following actions on your behalf on www.wikidata.org:

Two problems:

1. Martha has at this point never heard the name "Widar" before, and will probably never hear it again. The reference to "Widar" is not helpful. Is this a person? A web site? An organization? How would she know, and why should she care what Widar wants?
2. "would like to" is a strange way to put it. The person who has a desire here is Martha: she wants to play the Wikidata Game. If there are conditions that must be met, that's what she needs to know; not what some abstract entity "wants." Now she is wondering about machine sentience and artificial intelligence, when all she wanted to do was try out a web game!

• Perform high volume activity high volume editing

I'm not sure I even know what this is referring to. Presumably, some kind of restriction on edits-per-hour is being lifted. I didn't even know such a restriction existed. As an end user, why should Martha care? Why does she even need to know this? How is the information helping her achieve her goal, or how would not knowing harm her?

• Interact with pages Edit existing pages; Create, edit, and move pages

What is a "page"? Is this referring to Wikidata or Wikipedia? Perhaps this could simply say "Make changes to the Wikidata.org web site"?

• Perform administrative actions Rollback changes to pages; Delete pages, revisions, and log entries

I think Bartosz has a good suggestion here: if possible, it would be nice if this item could simply be removed for non-administrators. "Rollback" might be a right that a non-admin has, but in many cases she will not even know what "rollback" means. As an admin, I've granted this right to people without discussing it much, and I've seen other admins do this as well. So if there's a way to avoid the jargon "rollback" and instead describe what will actually be done, that would be ideal.

Privacy Policy

I'm not sure why the Privacy Policy is mentioned at all. Whose policy is it? Wikimedia's? Widar's? And why is it relevant? If this is a mere formality, maybe it could be eliminated, or maybe it could be made smaller/lighter grey/moved below the buttons or otherwise de-emphasized.

Martha has at this point never heard the name "Widar" before, and will probably never hear it again. The reference to "Widar" is not helpful. Is this a person? A web site? An organization? How would she know, and why should she care what Widar wants?

Widar is a name for a service that is used by The Wikidata Game and several other apps to access Wikidata on the user's behalf. I blame @Magnus for naming it in a strange way and I agree that having a separate consumer for the Wikidata Game would be a good solution if only to this problem.

"would like to" is a strange way to put it. The person who has a desire here is Martha: she wants to play the Wikidata Game. If there are conditions that must be met, that's what she needs to know; not what some abstract entity "wants." Now she is wondering about machine sentience and artificial intelligence, when all she wanted to do was try out a web game!

Good point. I'm changing the wording of this and submitting a patch soon.

I'm not sure I even know what this is referring to. Presumably, some kind of restriction on edits-per-hour is being lifted. I didn't even know such a restriction existed. As an end user, why should Martha care? Why does she even need to know this? How is the information helping her achieve her goal, or how would not knowing harm her?

Well, it's an additional permission being granted, and as much as Martha might not care, somebody might. I don't want to go removing information from the interface willy-nilly just because one set of users doesn't really care, at least not without some solution for making sure people who do care still see the information.

What is a "page"? Is this referring to Wikidata or Wikipedia? Perhaps this could simply say "Make changes to the Wikidata.org web site"?

I simplified this a little - the messages already have a parameter that tells you what site(s) are being included. In the case of this particular consumer, it says "on www.wikidata.org", so that's pretty clear already.

I think Bartosz has a good suggestion here: if possible, it would be nice if this item could simply be removed for non-administrators. "Rollback" might be a right that a non-admin has, but in many cases she will not even know what "rollback" means. As an admin, I've granted this right to people without discussing it much, and I've seen other admins do this as well. So if there's a way to avoid the jargon "rollback" and instead describe what will actually be done, that would be ideal.

Agreed. This is a separate task. T94478 the subtask should take care of it.

I'm not sure why the Privacy Policy is mentioned at all. Whose policy is it? Wikimedia's? Widar's? And why is it relevant? If this is a mere formality, maybe it could be eliminated, or maybe it could be made smaller/lighter grey/moved below the buttons or otherwise de-emphasized.

I'll take the bold styling out at least. Seems a bit too strong to me.

Patch incoming, thanks!

Change 200730 had a related patch set uploaded (by MarkTraceur):
Clarify messages, de-emphasize privacy policy

https://gerrit.wikimedia.org/r/200730

In T69082#738278, @Peteforsyth wrote:

• Perform administrative actions Rollback changes to pages; Delete pages, revisions, and log entries

I think Bartosz has a good suggestion here: if possible, it would be nice if this item could simply be removed for non-administrators. "Rollback" might be a right that a non-admin has, but in many cases she will not even know what "rollback" means. As an admin, I've granted this right to people without discussing it much, and I've seen other admins do this as well. So if there's a way to avoid the jargon "rollback" and instead describe what will actually be done, that would be ideal.

If a user has rollback rights without knowing what that means, they probably shouldn't have them.

In T69082#1167473, @Ricordisamoa wrote:

In T69082#738278, @Peteforsyth wrote:

• Perform administrative actions Rollback changes to pages; Delete pages, revisions, and log entries

I think Bartosz has a good suggestion here: if possible, it would be nice if this item could simply be removed for non-administrators. "Rollback" might be a right that a non-admin has, but in many cases she will not even know what "rollback" means. As an admin, I've granted this right to people without discussing it much, and I've seen other admins do this as well. So if there's a way to avoid the jargon "rollback" and instead describe what will actually be done, that would be ideal.

If a user has rollback rights without knowing what that means, they probably shouldn't have them.

Two problems with this:

(1) I believe the message is delivered *regardless of whether or not the user has rollback rights* -- if so, that should be changed to eliminate something irrelevant and confusing to those who do not have any reason to have ever heard of rollback rights. (Remember, The Wikipedia Game is intended to be highly accessible to newbies!)

(2) Even if it is the case that a user has the rollback right and doesn't know what it is -- perhaps through no fault or direct action of her own, because an administrator gave out the right without fully explaining it -- is sending her a confusing message an appropriate way to deal with that? I have no problem with your point that "they probably shouldn't have them" -- sure, remove the right if you feel it's important. But a confusing message is not a helpful step on the path to removing the right, and serves only to confuse the user.

In T69082#1164512, @MarkTraceur wrote:

<snip>

Patch incoming, thanks!

Hi Mark, thank you for your attention to this. Would you mind summarizing the end result you are sending out in a patch? (Or, if it's going to be live soon, just letting us know a date when we can look for ourselves?)

I suppose it would also be desirable to allow tools to request authorisation with OAuth for standard rights as opposed to whatever rights the user has.

I may be an admin and allowed to delete pages and perform high volume edits. That doesn't mean I want every external tool I authenticate to have all rights I have on-wiki.

It seems more natural to associate OAuth requests for "basic rights" with the default definition of that term, not the current user's.

The down side is that a tool would then need additional user interaction to offer and expose the extra rights (e.g. separate "Enable admin actions" or "Enable high volume editing" buttons). But I think that explicit action is worth the overhead and more expected from a UX point of view.

In T69082#1168493, @Krinkle wrote:

I suppose it would also be desirable to allow tools to request authorisation with OAuth for standard rights as opposed to whatever rights the user has.

[...]

It seems more natural to associate OAuth requests for "basic rights" with the default definition of that term, not the current user's.

Err, that's how OAuth already works. "Basic rights" is the access an app gets when it doesn't request anything more advanced such as "Edit existing pages". You can see the full list of these grant "packages" and what rights they enable at Special:OAuth/grants.

The proposal here (also in T94478) seems to be that if the app is registered for "Delete pages, revisions, and log entries" but the user doesn't actually have any of the relevant rights, then the authorization screen wouldn't bother to show that line (and OAuth wouldn't actually grant it). If the user later got promoted, they'd have to reauthorize the app to enable that grant.

(e.g. separate "Enable admin actions" or "Enable high volume editing" buttons)

Unless I've forgotten, it's not easily possible to implement such buttons as the "request authorization" flow doesn't allow the app to request only a subset of the grants that it is registered to be able to ask for. If someone actually wanted to do that instead of requesting permission for all the app's registered grants up front, it could probably be done easily enough.

In T69082#1168572, @Anomie wrote:

<snip>

Unless I've forgotten, it's not easily possible to implement such buttons as the "request authorization" flow doesn't allow the app to request only a subset of the grants that it is registered to be able to ask for. If someone actually wanted to do that instead of requesting permission for all the app's registered grants up front, it could probably be done easily enough.

@Anomie, it sounds like there is an aspect of the issue that is specific to The Wikidata Game, rather than the implementation of OAuth. If I understand it correctly, the Wikidata Game -- designed to give newbies an easy way to add information to Wikidata -- would never need to use anything more than basic rights. So perhaps it is somewhat "greedy" for advanced rights in its design, and could be recoded so that it never requests administrative privileges?

If that is the case, any suggestions about how to pass on a request to Magnus would be appreciated. He has not been responding to queries on his Commons talk page for several months, at least. https://commons.wikimedia.org/wiki/User_talk:Magnus_Manske

In T69082#1168903, @Peteforsyth wrote:

If I understand it correctly, the Wikidata Game -- designed to give newbies an easy way to add information to Wikidata -- would never need to use anything more than basic rights. So perhaps it is somewhat "greedy" for advanced rights in its design, and could be recoded so that it never requests administrative privileges?

It looks like the Wikidata Game allowed administrators to directly delete items after merging, but this ability has been removed (or at least hidden) with 3c9dd72cc3a7.

Change 200730 merged by jenkins-bot:
Clarify messages, de-emphasize privacy policy

https://gerrit.wikimedia.org/r/200730

In T69082#1168179, @Peteforsyth wrote:

Hi Mark, thank you for your attention to this. Would you mind summarizing the end result you are sending out in a patch? (Or, if it's going to be live soon, just letting us know a date when we can look for ourselves?)

It should go live today, if I am counting correctly.

I think everything here has been taken care of or has a more specific task. Which rights to display is T94478, fixing the privacy policy link is T64686, the general design overhaul (including clearer identification of the site and the application) is T75062, the rest of the suggestions have been implemented by Mark via tweaks to the language. Did I miss anything or can we close this as resolved?

In T69082#738278, @Peteforsyth wrote:

"Rollback" might be a right that a non-admin has, but in many cases she will not even know what "rollback" means. As an admin, I've granted this right to people without discussing it much, and I've seen other admins do this as well. So if there's a way to avoid the jargon "rollback" and instead describe what will actually be done, that would be ideal.

Different presentations work best in different context, unfortunately the software needs to present the permission request of every app the same way (although the ability for the app author to add footnotes to explain why each specific right is needed would be nice). An anti-vandalism tool might request rollback rights and nothing else (or rollback + some rights completely unrelated to editing), in which case omitting it would be very misleading.

@Ricordisamoa proposed changing some of the wording back in https://gerrit.wikimedia.org/r/#/c/208010/

I agree that the previous wording was more correct, and wouldn't mind seeing it change back. But I agree mark's wording is less scary for users. Is there a way we can be both accurate and friendly in the wording?

In T69082#1297979, @csteipp wrote:

Is there a way we can be both accurate and friendly in the wording?

By using both short summaries (like "Interact with pages") and detailed information (such as "Create, edit, and move pages").
"Make changes to pages" does not add any information within that context.