Page MenuHomePhabricator

Change tags created by inactive OAuth applications should be deletable
Open, MediumPublic

Description

The tag associated to a OAuth app cannot be undefined by the app publisher. There should be a way to undefine the tag so it can be deleted. At present, old inactive OAuth tags applied at least once remain at Special:Tags and there's no way to avoid that.

Event Timeline

Cenarium raised the priority of this task from to Medium.
Cenarium updated the task description. (Show Details)
Cenarium subscribed.

There are three stages for OAuth consumers besides 'proposed' and 'approved' : expired, disabled and rejected. A consumer in the 'expired' stage may still be brought back to 'approved'. Would it make sense to not define tags for 'disabled' and 'rejected' consumers ?

Convenience link to MWOAuth.hooks.php.

It's not immediately obvious what to do here. We already mark tags for OAuth consumers that are not "proposed" or "approved" as inactive; this of course does not allow those tags to be deleted.

We could use the ChangeTagCanDelete hook to allow deleting tags in a 'disabled' or 'rejected' state. I couldn't find much documentation on OAuth statuses, but it appears that allowing deletion in these cases makes sense.

Tags in an 'expired' state would be marked as inactive but still not be deletable. To make it deletable, the client would have to explicitly change the status to 'disabled'.

Tgr renamed this task from OAuth tags cannot be undefined to Change tags created by inactive OAuth applications should be deletable.Jun 23 2015, 12:24 AM
Tgr set Security to None.

Change 253567 had a related patch set uploaded (by Cenarium):
Implement ChangeTagsRegister for OAuth

https://gerrit.wikimedia.org/r/253567

Change 253567 abandoned by Bartosz Dziewoński:

[mediawiki/extensions/OAuth@master] Implement ChangeTagsRegister hook for OAuth

Reason:

Depends on an abandoned change

https://gerrit.wikimedia.org/r/253567