The create app flow allows users to register a client with the API Portal.
Status: Gathering requirements
Prototype: https://zl8v18.axshare.com/#id=uwqv8b&p=my_account_key_manage
Prerequisites:
* User must be logged in to the API Portal with a Wikimedia account
* User must have the mwoauthproposeconsumer right (Automatically granted to all users)
* User must have a confirmed email address
Map between fields on Meta and fields in the API Portal:
| Field | Required | Val | DB | Default | API Portal |
| --- | --- | --- | --- | --- | --- |
| Name | Yes | name | oarc_name | none | User-entered, required |
| Description | Yes | description | oarc_description | none | User-entered, required |
| Owner-only client checkbox | | “This consumer is for use only by [Username]” | | | User-entered, required |
| Callback URL | Yes | callbackUrl | oarc_callback_url | none | User-entered, not required for owner-only clients |
| Confidential checkbox | No | oauth2IsConfidential | oarc_oauth2_is_confidential | Yes | User-entered, required |
| OAuth2 Grant Types | No | oauth2GrantTypes | oarc_oauth2_allowed_grants | ["authorization_code", "refresh_token"] | User-entered, either auth code flow ("authorization_code", "refresh_token") or client credentials flow ("client_credentials") |
| Grants | Yes | grants | oarc_grants | (some basic permissions) | User-entered. Read: basic, highvolume, viewdeleted, oversight. Read/Write: basic, highvolume, viewdeleted, oversight, createeditmovepage |
| Agreement | Yes | developerAgreement | oarc_developer_agreement | None (user must agree) | User-entered, include as-is |
| Email | Yes | email | oarc_email | Wiki email | Omit and revert to default |
| Wiki | Yes | wiki | oarc_wiki | * | Omit and revert to default |
| Grant Type “Types of grants being requested:” | Yes | granttype | N/A | normal | Omit and default to “Request authorization for specific permissions.” |
| Version | Yes | version | oarc_version | 1.0 | Omit and revert to default |
| Allowed IP ranges | | | | | Omit and revert to default |
| OAuth version | | | | | Omit, always 2.0 |
| Callback prefix checkbox | Yes | “Allow consumer to specify a callback in requests and use "callback" URL above as a required prefix.” | | | Omit and revert to checked. Doesn’t apply to OAuth 2.0. |
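
The sketch below is an added example, not code from the API Portal or the OAuth extension. It shows how a portal backend could apply the table above: validate the user-entered fields, enforce the owner-only exception for the callback URL, and fill in the omitted fields with their defaults. The input keys `ownerOnly` and `flow`, and the names `build_registration` and `RegistrationError`, are assumptions; output keys come from the "Val" column.

```python
# Added example. Output keys come from the table's "Val" column; the input keys
# "ownerOnly" and "flow", and all function/class names, are hypothetical.
ALLOWED_GRANTS = {"basic", "highvolume", "viewdeleted", "oversight",
                  "createeditmovepage"}
GRANT_FLOWS = {
    "authorization_code": ["authorization_code", "refresh_token"],
    "client_credentials": ["client_credentials"],
}
# Fields the portal omits from its form and submits with their defaults.
OMITTED_DEFAULTS = {"wiki": "*", "granttype": "normal", "version": "1.0"}


class RegistrationError(ValueError):
    """Raised with every validation problem found in the submitted form."""


def build_registration(form, wiki_email):
    """Validate portal form input and return the full registration fields."""
    errors = []
    for key in ("name", "description"):
        if not str(form.get(key, "")).strip():
            errors.append(f"{key} is required")
    owner_only = bool(form.get("ownerOnly", False))
    callback = str(form.get("callbackUrl", "")).strip()
    if not callback and not owner_only:
        errors.append("callbackUrl is required unless the client is owner-only")
    flow = form.get("flow", "authorization_code")
    if flow not in GRANT_FLOWS:
        errors.append("flow must be authorization_code or client_credentials")
    grants = set(form.get("grants", []))
    if not grants or not grants <= ALLOWED_GRANTS:
        errors.append("grants must be a non-empty subset of the offered grants")
    if form.get("developerAgreement") is not True:
        errors.append("developerAgreement must be accepted")
    if errors:
        raise RegistrationError("; ".join(errors))
    request = dict(OMITTED_DEFAULTS, email=wiki_email)
    request.update({
        "name": str(form["name"]).strip(),
        "description": str(form["description"]).strip(),
        "callbackUrl": callback,
        "oauth2IsConfidential": bool(form.get("oauth2IsConfidential", True)),
        "oauth2GrantTypes": list(GRANT_FLOWS[flow]),
        "grants": sorted(grants),
        "developerAgreement": True,
    })
    return request
```
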
#### References
* https://docs.google.com/drawings/d/1MFA29S_bOqJJ7knPwL61mvkDSjHPD8Vb-nidxyl3t3k/edit?ts=5e8343f1
* https://meta.wikimedia.org/wiki/Special:OAuthConsumerRegistration/propose
* https://www.mediawiki.org/wiki/Extension:OAuth#User_rights
* https://meta.wikimedia.org/wiki/Special:ListGroupRights