Change Details

In the API Portal, when viewing API key details, display the permissions allowed for the key. These are the `scopes` in the API response. Here's an example of the data returned to the API Portal from the OAuth server: ``` "scopes": [ "basic", "editpage", "editmycssjs", "editmyoptions", "createeditmovepage", "viewmywatchlist", "editmywatchlist" ] ``` If the API Portal displayed only API keys created via the Portal, the Portal could simply add the same fields used in the create-key form: {F34823094} However, because the Portal displays all OAuth 2.0 clients (created via the Portal or via Meta-Wiki), the Portal needs to be able to display all possible scopes a client could have. The complete list of scopes can be found on [Special:ListGrants](https://meta.wikimedia.org/wiki/Special:ListGrants). One of the main reasons the Portal offers only a limited set from this list is because it can be hard to understand what each grant allows, especially just looking at the name. Here are my assumptions: * If a user is viewing an API key on the Portal, it is more likely that they created that key via the Portal than via Meta * If a user has created API keys via Meta, they are already familiar with the complexity of selecting from the full grant list. Here are the objectives I see for this task: * Provide a clear, simplified experience for users who have created their API keys via the Portal * Provide accurate information for users who have created their API keys via Meta-Wiki Recommendation: If an API key only has scopes offered by the Portal (basic, createeditmovepage, editprotected), display the [message from the WikimediaApiPortalOAuth extension](https://github.com/wikimedia/mediawiki-extensions-WikimediaApiPortalOAuth/blob/master/i18n/en.json#L28-L30). If the key has other scopes, display the [message from MediaWiki core](https://gerrit.wikimedia.org/g/mediawiki/core/+/39ebbb075d850c07af114b65973368249ffb117e/languages/i18n/en.json#1366) and link to Special:ListGrants, similar to the [form on Meta](https://meta.wikimedia.org/wiki/Special:OAuthConsumerRegistration/propose). Cleaner solution: De-duplicate messages between WikimediaApiPortalOAuth extension and MediaWiki Core. I think we could do this as long as we could change the message for the basic grant from "Basic rights" to "Read pages", although I don't know if there will be objections to that since the basic grant includes other rights besides just reading pages.

==== Context In the API Portal, when viewing API key details, display the permissions allowed for the key. These are the `scopes` in the API response. Here's an example of the data returned to the API Portal from the OAuth server: ``` "scopes": [ "basic", "editpage", "editmycssjs", "editmyoptions", "createeditmovepage", "viewmywatchlist", "editmywatchlist" ] ``` If the API Portal displayed only API keys created via the Portal, the Portal could simply add the same fields used in the create-key form: {F34823094} However, because the Portal displays all OAuth 2.0 clients (created via the Portal or via Meta-Wiki), the Portal needs to be able to display all possible scopes a client could have. The complete list of scopes can be found on [Special:ListGrants](https://meta.wikimedia.org/wiki/Special:ListGrants). One of the main reasons the Portal offers only a limited set from this list is because it can be hard to understand what each grant allows, especially just looking at the name. Here are my assumptions: * If a user is viewing an API key on the Portal, it is more likely that they created that key via the Portal than via Meta * If a user has created API keys via Meta, they are already familiar with the complexity of selecting from the full grant list. Here are the objectives I see for this task: * Provide a clear, simplified experience for users who have created their API keys via the Portal * Provide accurate information for users who have created their API keys via Meta-Wiki Recommendation: If an API key only has scopes offered by the Portal (basic, createeditmovepage, editprotected), display the [message from the WikimediaApiPortalOAuth extension](https://github.com/wikimedia/mediawiki-extensions-WikimediaApiPortalOAuth/blob/master/i18n/en.json#L28-L30). If the key has other scopes, display the [message from MediaWiki core](https://gerrit.wikimedia.org/g/mediawiki/core/+/39ebbb075d850c07af114b65973368249ffb117e/languages/i18n/en.json#1366) and link to Special:ListGrants, similar to the [form on Meta](https://meta.wikimedia.org/wiki/Special:OAuthConsumerRegistration/propose). Cleaner solution: De-duplicate messages between WikimediaApiPortalOAuth extension and MediaWiki Core. I think we could do this as long as we could change the message for the basic grant from "Basic rights" to "Read pages", although I don't know if there will be objections to that since the basic grant includes other rights besides just reading pages. ==== User Story > As an API Portal developer, > I want to view what permissions I'm granted > So that I can expect what operations I'm authorized to take ==== Acceptance Criteria [ ] Given I am on the API Key page, when I select "View Details" I expect to view my permissions (Below the client ID) {F34855976}

==== Context In the API Portal, when viewing API key details, display the permissions allowed for the key. These are the `scopes` in the API response. Here's an example of the data returned to the API Portal from the OAuth server: ``` "scopes": [ "basic", "editpage", "editmycssjs", "editmyoptions", "createeditmovepage", "viewmywatchlist", "editmywatchlist" ] ``` If the API Portal displayed only API keys created via the Portal, the Portal could simply add the same fields used in the create-key form: {F34823094} However, because the Portal displays all OAuth 2.0 clients (created via the Portal or via Meta-Wiki), the Portal needs to be able to display all possible scopes a client could have. The complete list of scopes can be found on [Special:ListGrants](https://meta.wikimedia.org/wiki/Special:ListGrants). One of the main reasons the Portal offers only a limited set from this list is because it can be hard to understand what each grant allows, especially just looking at the name. Here are my assumptions: * If a user is viewing an API key on the Portal, it is more likely that they created that key via the Portal than via Meta * If a user has created API keys via Meta, they are already familiar with the complexity of selecting from the full grant list. Here are the objectives I see for this task: * Provide a clear, simplified experience for users who have created their API keys via the Portal * Provide accurate information for users who have created their API keys via Meta-Wiki Recommendation: If an API key only has scopes offered by the Portal (basic, createeditmovepage, editprotected), display the [message from the WikimediaApiPortalOAuth extension](https://github.com/wikimedia/mediawiki-extensions-WikimediaApiPortalOAuth/blob/master/i18n/en.json#L28-L30). If the key has other scopes, display the [message from MediaWiki core](https://gerrit.wikimedia.org/g/mediawiki/core/+/39ebbb075d850c07af114b65973368249ffb117e/languages/i18n/en.json#1366) and link to Special:ListGrants, similar to the [form on Meta](https://meta.wikimedia.org/wiki/Special:OAuthConsumerRegistration/propose). Cleaner solution: De-duplicate messages between WikimediaApiPortalOAuth extension and MediaWiki Core. I think we could do this as long as we could change the message for the basic grant from "Basic rights" to "Read pages", although I don't know if there will be objections to that since the basic grant includes other rights besides just reading pages. ==== User Story > As an API Portal developer, > I want to view what permissions I'm granted > So that I can expect what operations I'm authorized to take ==== Acceptance Criteria [ ] Given I am on the API Key page, when I select "View Details" I expect to view my permissions (Below the client ID) {F34855976}