Question regarding OAuth


David Cuenca

May 11, 2014, 10:29:32 AM
to Chris Steipp, Simone Fonda, annotation-tool-gsoc, Amanpreet Singh
Hi Chris,

I hope you are still enjoying the Hackathon? :)

Amanpreet, the GSoC student working on the Wikidata annotation tool through Pundit [1], has a question regarding OAuth authentication (see below).

Maybe you could advise him what is the best option?

Thanks & regards,
Micru


[1] https://www.mediawiki.org/wiki/Wikidata_annotation_tool


On Sun, May 11, 2014 at 1:41 PM, Amanpreet Singh <amanpreet...@gmail.com> wrote:
About the login I have some doubts,
This should be specifically clarified by Wikimedia people.

As the login functionality as mentioned at [1] needs some server side code, it would be difficult to integrate it with Pundit.
The other option that seems suitable to me is at [2]; this requires JS, but I don't think it's viable and safe to send passwords in JS queries. What we need is something like the Facebook JS SDK, which provides us a unique APP ID and APP SECRET, and through them we can connect to Facebook to check if the user is logged in or not; if not, he is presented with a page to log in.

Kindly correct me if a service like this exists in MediaWiki, or provide me a path to do this.


Thanks 


On Mon, Apr 28, 2014 at 7:30 PM, Amanpreet Singh <amanpreet...@gmail.com> wrote:

On Mon, Apr 28, 2014 at 12:51 PM, Simone Fonda <fo...@netseven.it> wrote:
I don't remember if we had a final decision on all of the questions we
raised during the discussion phase (how/where to save, how to model
the knowledge, new GUI or not, etc).


We have discussed saving it at the Pundit annotation server and later using a bot to feed Wikidata from it. Also, we finalized on an RFC based model where Pundit's Subject-Predicate-Object would be fed to Wikidata as Item-property-value.
E.g., in Pundit:
London(Subject) - population(Predicate) - "8173456"(Object)

- and a reference
In Wikidata:
London(Item) - population(property) - "8173456"(value)

 
The bot approach is the easiest, but maybe it is not possible to preserve the information about who created the annotation, which would make it harder to identify and revert vandalism. If done via API, then OAuth login should be considered, either using the same OpenID login Wikimedia->Pundit (which is unlikely to be possible any time soon [3]), or by requesting Wikimedia OAuth access. [4]

I was also considering this approach, so for this to happen I will customize Pundit's GUI specifically for Wikimedia by removing the OpenID login system and adding Wikimedia OAuth login.

Thanks
 
Amanpreet Singh,
IIT Roorkee






--
Etiamsi omnes, ego non

Amanpreet Singh

May 16, 2014, 11:31:21 AM
to Chris Steipp, David Cuenca, Simone Fonda, annotation-tool-gsoc
Hello Chris and David,
Thanks for your help,
Actually, I don't want to include any type of server-side components in my projects, therefore I was hoping to get some kind of OAuth login through the client side.
It's true that in the FB SDK the App ID and App Secret become useless, but nevertheless they are of no use to other parties since the redirects are specified in the FB developer dashboard, so FB auth requests can only be redirected to certain links which are chosen by the original user.

But let's come back to our original question: is it possible to use OAuth for Wikimedia login without using a server-side script? I will be happy to further clarify if the question is still not clear.

Thanks again.


On Wed, May 14, 2014 at 5:57 AM, Chris Steipp <cst...@wikimedia.org> wrote:
It's a little hard for me to follow exactly what's needed. Are you trying to save things into Wikidata from another website? If so, OAuth is the correct way to handle it. Facebook also uses OAuth (that's the App id and secret mentioned). Unlike FB though, we don't allow purely javascript apps to use OAuth, since they make the secret available in the source code delivered to the user's browser-- I'm not sure if that's what you meant by "server side code"?

Thomas Tanon

May 17, 2014, 3:30:18 AM
to Amanpreet Singh, Chris Steipp, David Cuenca, Simone Fonda, annotation-tool-gsoc
Hi!

As Wikimedia only supports 3-legged OAuth, you have to store a secret key. So, I'm afraid you have to use a server-side script to store this secret key in order not to give it to everybody. So, an idea is maybe to have a very simple server-side script that initiates the OAuth connection and then acts like a proxy to add OAuth fields to requests that should be sent to Wikimedia servers.

Thomas
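
The signing step of the proxy described in the message above, as an added sketch that is not part of the thread or of Pundit's or Wikimedia's code. It assumes OAuth 1.0a with HMAC-SHA1 signatures (RFC 5849); the keys, the endpoint URL and the function names are constructed for illustration.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote

# Constructed values: the consumer secret exists only on the server.
CONSUMER_KEY = "example-consumer-key"
CONSUMER_SECRET = "example-consumer-secret"
API_URL = "https://wiki.example/w/api.php"  # placeholder endpoint


def pct(value):
    """Percent-encode as RFC 5849 section 3.6 requires."""
    return quote(str(value), safe="-._~")


def base_string(method, url, params):
    """Signature base string: METHOD & encoded URL & encoded sorted params."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])


def sign(method, url, params, consumer_secret, token_secret):
    """HMAC-SHA1 over the base string, keyed with both secrets."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


def proxy_authorization(method, api_params, session, nonce=None, timestamp=None):
    """Server side: add the OAuth fields to a browser request and sign it.

    `session` holds the user's access token and token secret, obtained
    earlier through the three-legged flow and kept on the server.
    """
    oauth = {
        "oauth_consumer_key": CONSUMER_KEY,
        "oauth_token": session["token"],
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_version": "1.0",
    }
    oauth["oauth_signature"] = sign(
        method, API_URL, {**api_params, **oauth}, CONSUMER_SECRET, session["secret"]
    )
    fields = ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(oauth.items()))
    return "OAuth " + fields
```

The browser sends only the API parameters to the proxy; the returned `Authorization` header carries the consumer key, token, nonce and signature, while neither secret leaves the server.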

Amanpreet Singh

May 19, 2014, 10:26:58 AM
to Thomas Tanon, Chris Steipp, David Cuenca, Simone Fonda, annotation-tool-gsoc
What I think, after doing some research, is that, according to the current system in Pundit, I would have to write a server-side API, which would be called instead of the usual OpenID request to the Pundit server.

We may discuss it further when the proper time comes; I am shifting the work on the login system further down in the task list.

Thanks everyone.