Jump to content

Talk:OAuth app guidelines

Add topic
From Meta, a Wikimedia project coordination wiki
Latest comment: 2 months ago by Agamyasamuel in topic OAuth Application Approval - Request

Beta Cluster consumers

[edit]
Latest comment: 2 years ago5 comments3 people in discussion

Are there any guidelines to approving consumers on the Beta Cluster? I approve them sometimes, and generally don't worry too much because it's a beta environment and people can't do much damage. But there are a bunch pending at the moment from Outreachy applicants and a few are requesting rights likely beyond what they need (e.g. "Send email to other users"). @Tgr and Lucas Werkmeister as you've both approved consumers recently. I'm wondering if these applications should be rejected because they would be if made on Meta. Sam Wilson 02:51, 10 October 2023 (UTC)Reply

It would be nice to educate Outreachy applicants to not request grants they do not need, but I don't think there's much risk to granting them on Beta. "Send email" is risky because there's no way to tell it's being sent by an app and not the human who authorized the app, but there is not much phishing risk to emails from Beta. Tgr (WMF) (talk) 03:38, 10 October 2023 (UTC)Reply
@Tgr (WMF): Yes, that sounds sensible. I'll approve these, but try to reach out to them to let them know to be aware of what permissions they request. Sam Wilson 04:11, 10 October 2023 (UTC)Reply
No guidelines that I’m aware of. I sometimes approve them based more or less on gut feeling, but left this recent batch alone due to the large number of rights requested. Lucas Werkmeister (talk) 13:01, 10 October 2023 (UTC)Reply
@Lucas Werkmeister: I've been in touch with the Outreachy mentors for this lot, and they're going to tell the applicants to be more careful in future. All of the requests were for localhost callbacks, which I think also limits the damage that can be done here. Sam Wilson 02:36, 11 October 2023 (UTC)Reply

OAuth Application Approval - Request

[edit]
Latest comment: 2 months ago3 comments2 people in discussion

My OAuth application has been under review for quite some time. Please let me know if I am making some mistake.

Application link: https://meta.wikimedia.org/wiki/Special:OAuthListConsumers/view/066bedb29cb314692b266dbf219400e4

OAuth Applicatio to be used in: https://github.com/indictechcom/wikicontest

Please let me know if any additional information, changes, or clarifications are required from my side. I’ll be happy to update the application accordingly.

Apologies in advance if I’ve missed anything or made any mistakes in the submission. Thank you very much for your time and consideration.

-- Agamyasamuel (talk) 14:02, 3 January 2026 (UTC)Reply

FWIW the app proposal form does say that

Proposals which look like test apps (have "test" in the name or use localhost as the callback URL) will be ignored; you can use them with your own account, for 30 days.
If approval doesn't happen in time or a test app needs to be used by other users / for a longer period of time, please request approval at Steward requests/Miscellaneous using the {{oauthapprequest}} template.

Tgr (WMF) (talk) 17:59, 11 January 2026 (UTC)Reply
ok, i will keep this in mind from next time. Thanks :-)
-- Agamyasamuel (talk) 18:01, 11 January 2026 (UTC)Reply
Retrieved from "https://meta.wikimedia.org/w/index.php?title=Talk:OAuth_app_guidelines&oldid=29916835"