A possible design:
Description
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Open | None | T90925 General authentication improvements for MediaWiki | |||
Open | None | T86869 Support a nice sso experience with MediaWiki's OAuth | |||
Open | None | T75062 OAuth permission screen needs redesign for better usability and comprehension | |||
Duplicate | None | T98879 OAuth authorization dialogs should have a plain (skinless) version so that they can be shown in popup windows. |
Event Timeline
This is the current OAuth flow:
- the user visits the application's home page
- they click on a 'Login' link
- they are redirected to the authorization screen at mediawiki.org
- they click on the 'Allow' button
- they get redirected to the application
Using popups, there would be almost no way for the apps to know in real time that they've been authorized.
Not mentioning that, at least in a desktop environment, popups are very annoying and might be blocked even without the user noticing...
Change #1031627 had a related patch set uploaded (by Bartosz Dziewoński; author: Bartosz Dziewoński):
[mediawiki/extensions/OAuth@master] SpecialMWOAuth: Support &display=popup
Oops, that patch was supposed to go on T71246, but I wanted to say here that the difference between that task and this one is not really clear to me.
Originally that task proposed just making the dialog full-width (so that the skin is hidden beneath it), and this one proposed getting rid of the skin entirely. But yeah, probably wasn't much point in having those as separate tasks.