User talk:Tgr (WMF)

From Meta, a Wikimedia project coordination wiki

Afrikaans | العربية | অসমীয়া | asturianu | azərbaycanca | Boarisch | беларуская | беларуская (тарашкевіца) | български | ပအိုဝ်ႏဘာႏသာႏ | বাংলা | བོད་ཡིག | bosanski | català | کوردی | corsu | čeština | Cymraeg | dansk | Deutsch | Deutsch (Sie-Form) | Zazaki | ދިވެހިބަސް | Ελληνικά | emiliàn e rumagnòl | English | Esperanto | español | eesti | euskara | فارسی | suomi | français | Nordfriisk | Frysk | galego | Alemannisch | ગુજરાતી | עברית | हिन्दी | Fiji Hindi | hrvatski | magyar | հայերեն | interlingua | Bahasa Indonesia | Ido | íslenska | italiano | 日本語 | ქართული | ភាសាខ្មែរ | 한국어 | Qaraqalpaqsha | kar | kurdî | Limburgs | ລາວ | lietuvių | Minangkabau | македонски | മലയാളം | молдовеняскэ | Bahasa Melayu | မြန်မာဘာသာ | مازِرونی | Napulitano | नेपाली | Nederlands | norsk nynorsk | norsk | occitan | Kapampangan | Norfuk / Pitkern | polski | português | português do Brasil | پښتو | Runa Simi | română | русский | संस्कृतम् | sicilianu | سنڌي | Taclḥit | සිංහල | slovenčina | slovenščina | Soomaaliga | shqip | српски / srpski | svenska | ꠍꠤꠟꠐꠤ | ślůnski | தமிழ் | тоҷикӣ | ไทย | Türkmençe | Tagalog | Türkçe | татарча / tatarça | ⵜⴰⵎⴰⵣⵉⵖⵜ  | українська | اردو | oʻzbekcha / ўзбекча | vèneto | Tiếng Việt | 吴语 | 粵語 | 中文(简体) | 中文(繁體) | +/-

Welcome to Meta![edit]

Hello, Tgr (WMF). Welcome to the Wikimedia Meta-Wiki! This website is for coordinating and discussing all Wikimedia projects. You may find it useful to read our policy page. If you are interested in doing translations, visit Meta:Babylon. You can also leave a note on Meta:Babel or Wikimedia Forum if you need help with something (please read the instructions at the top of the page before posting there). Happy editing!

-- Meta-Wiki Welcome (talk) 16:23, 20 November 2013 (UTC)[reply]

OAuthTest1[edit]

Hi. Is confirmed right still needed for this account? AFAICS, this account is autoconfirmed now. Matiia (talk) 02:45, 17 December 2016 (UTC)[reply]

No, I probably just needed a test account which could create OAuth consumers. I'm not using it ATM (and as you say it does not need the confirmed group for that now, anyway). --Tgr (WMF) (talk) 04:57, 17 December 2016 (UTC)[reply]
Okay, could you remove it? Matiia (talk) 02:36, 18 December 2016 (UTC)[reply]
No, that ability was removed from the staff group shortly after I created this user. --Tgr (WMF) (talk) 04:37, 18 December 2016 (UTC)[reply]
Ah, true. I've requested its removal to Stewards. Matiia (talk) 05:49, 18 December 2016 (UTC)[reply]
Thanks for cleaning up! --Tgr (WMF) (talk) 19:41, 19 December 2016 (UTC)[reply]

The Community Wishlist Survey[edit]

Hi,

You get this message because you’ve previously participated in the Community Wishlist Survey. I just wanted to let you know that this year’s survey is now open for proposals. You can suggest technical changes until 11 November: Community Wishlist Survey 2019.

You can vote from November 16 to November 30. To keep the number of messages at a reasonable level, I won’t send out a separate reminder to you about that. /Johan (WMF) 11:24, 30 October 2018 (UTC)[reply]

Interface administrators and Interface editors[edit]

Hi. Interface administrators and Interface editors. Having the new user group named interface-admin I would assume that the first is the active decision description. But the second is marked as "an official global policy". So how do they actually relay to each other? Is the second like an initial problem approach and the first like an actual implementation, or comething else? --NeoLexx (talk) 17:09, 24 February 2019 (UTC)[reply]

Hi @NeoLexx:! Those are two different user groups, interface administrators can edit all MediaWiki: pages, interface editors only the ones which are not dangerous (do not include JS or CSS, more or less). They also have the opposite purpose, in a sense - historically both of these things were done by administrators, and interface-admin is an attempt to restrict the dangerous parts of that task to a smaller group, and interface-editor (which has been around for a couple years) to open up the non-dangerous parts to a larger one. --Tgr (WMF) (talk) 19:26, 24 February 2019 (UTC)[reply]

Thank you for your promt informative response. One more question if I may: The Interface administrators states: "For legal and security reasons, the Wikimedia Foundation has decided that Two factor authentication is required for this role."
And The 2FA page states: "currently in production testing with administrators (and users with admin-like permissions like interface editors), bureaucrats, checkusers, oversighters, stewards, edit filter managers and the OATH-testers global group".
So is the WMF intent here that currently (at least) no lesser than a sysop (administrator) may have interface-admin, not a patroller or a closer? - as they currently can not(?) have 2FA, so they cannot have interface-admin? --NeoLexx (talk) 19:40, 24 February 2019 (UTC)[reply]
The current proceedure is to ask the user to get 2FA-tester right before applying for IA. Leaderboard (talk) 20:03, 24 February 2019 (UTC)[reply]
Oh, OK. So the 2FA testing is open for anyone willing to join (it just was not clearly set at the page, my native language is not English). But for members of interface-admin group the oathauth-enable right is a prerequisite requirement. --NeoLexx (talk) 20:22, 24 February 2019 (UTC)[reply]

@NeoLexx: interface admins do have 2FA enabled, see for example Special:ListGroupRights#interface-admin. Whether interface admins need to be admins is left to the local communities to decide, the user group should be handled with care though (it is a far more dangerous privilege than patroller or closer, or even admin). --Tgr (WMF) (talk) 02:14, 25 February 2019 (UTC)[reply]

oathauth-enable[edit]

Hello Tgr, I think you were recently working on adding this ability to some more "sensitive" type groups (I couldn't find a phab task to link to). It looks like there is a minor gap: it appears to have been added to "transwiki", but left off of the more dangerous "import" group. Generally, all of these people are also admins, but for consistency this should probably be done too. I can open a phab ticket if needed, but thought you may already have something in the works. Thank you, — xaosflux Talk 02:27, 9 June 2019 (UTC)[reply]

Thanks, fix is in gerrit 516053. --Tgr (WMF) (talk) 11:55, 9 June 2019 (UTC)[reply]

@Xaosflux: took a while (offsites and whatnot) but this should be fixed now. --Tgr (WMF) (talk) 11:15, 20 June 2019 (UTC)[reply]

OAuth approval[edit]

Hey Tgr, I hope you are well! Please, could you approve my recent request? That'd be great. Many thanks in advance! -- FNDE (talk) 13:44, 12 July 2019 (UTC)[reply]

Hi FNDE. It's a test app, does it need to be approved? You can always use a consumer with the same user that has registered it, with or without approval. --Tgr (WMF) (talk) 16:56, 12 July 2019 (UTC)[reply]

Oh okay, I wasn't aware of this :) In this case it's actually not needed. Thank you! --FNDE (talk) 17:06, 12 July 2019 (UTC)[reply]

OAuth approval for fountain local test[edit]

Hi Tgr, could you look into this? Thank you. Viztor (talk) 20:26, 3 August 2019 (UTC)[reply]

@Viztor: can you give it a more descriptive name? Although as noted above, generally there's no need to approve consumers used for local development. --Tgr (WMF) (talk) 13:38, 4 August 2019 (UTC)[reply]
Hi Tgr (WMF), I tried to just use the unapproved consumer key pair, though it was successful going through auth process, the user information is not showing up. The code is the same as tools.wmflabs.org/fountain, the name is probably descriptive for local test as it seems we can not change endpoint therefore I had to use the address to id them. Viztor (talk) 15:00, 4 August 2019 (UTC)[reply]
@Viztor: So you can successfully authorize, make an API request that does not fail, but you don't get the data back? That sounds like a bug (not sure whether in OAuth or the application). Can you provide more details?

SRM approval section[edit]

Hope that the new section is a little easier. Please feel welcome to edit the text that I cobbled together at the lead of the section.  — billinghurst sDrewth 14:25, 19 October 2019 (UTC)[reply]

@Billinghurst: thanks! Prsonally, I mainly use the Echo notifications. --Tgr (WMF) (talk) 04:41, 21 October 2019 (UTC)[reply]

User identity verification with access to real name and email address for TewikiOauth-1.0 [1.0][edit]

@Tgr: At the time of creating this consumer proposal, I have selected user identity verification only. Thank you for approving this. I would now like to update this proposal to user identity verification with access to real name and email address. Can this be done? Kasyap (talk) 16:13, 11 February 2020 (UTC)[reply]

@Kasyap: sadly, no :( Our OAuth management interface is rather primitive. You need to propose another consumer with that setting. --Tgr (WMF) (talk) 18:43, 11 February 2020 (UTC)[reply]

@Tgr: Thank you for letting me know. I already proposed another consumer application with Tewiki-IIIT [1.0] which is still in proposed state. Could the approval of that application happen fast because, we are trying to train people on writing telugu articles. Your work would help us. Hope you approve the consumer application as soon as possible. Kasyap (talk) 03:01, 12 February 2020 (UTC)[reply]

@Kasyap: done (sorry, I misunderstood you earlier). --Tgr (WMF) (talk) 04:34, 12 February 2020 (UTC)[reply]

@Tgr: Thankyou for your help :) Kasyap (talk) 10:05, 12 February 2020 (UTC)[reply]

@Tgr: Hello @Tgr:, I am here again bacause, I am having an issue when implemented OAuth for the locally hosted mediawiki software(stable) The error says An error occurred in the OAuth protocol: Invalid signature .I am using https://en.wikipedia.org/w/index.php?title=Special:OAuth as the Authentication url. Could you please help me with some suggestions? Kasyap (talk) 11:02, 12 February 2020 (UTC)[reply]

@Kasyap: this is an OAuth 2 consumer; I'm not really familiar with OAuth 2 but I don't think that URL should be involved at all. See mw:OAuth/For_Developers#OAuth_2. --Tgr (WMF) (talk) 18:59, 12 February 2020 (UTC)[reply]

@Tgr: Thank you so much for your help and time :)

@Tgr: Hello Tgr, Thank you for approving Tewiki-IIIT [1.0] and the status of the consumer application is also approved, but when I configured it I am getting an Application Connection Error saying "Tewiki-IIIT" is not approved as a Connected App. Contact the application author for help.. Could you please help me? Kasyap (talk) 06:02, 13 February 2020 (UTC)[reply]

@Kasyap: hm, there's only one consumer by that name and that's approved. OAuth 2 support is fairly new so maybe it has some bugs. Can you describe what exactly you are doing? --Tgr (WMF) (talk) 10:30, 13 February 2020 (UTC) @Tgr: I configured OAuth 2 on a locally hosted media wiki software(stable 1.34.0). I followed the Extension:OAuthAuthentication for the process of adding the extension. Initially I proposed a consumer application with OAuth 1.0 TewikiOauth-1.0, which has Identification only permission, due to that I couldn't get the user name. So I proposed another application OAuth 2.0 Tewiki-IIIT [1.0] with user identity verification which has access to user name. After approval, when I configured that I got an invalid signature error later after some while I am getting an Application connection error Kasyap (talk) 11:16, 13 February 2020 (UTC)[reply]

@Kasyap: I'm not sure OAuthAuthentication is functional at all (it is still in beta). It definitely won't work with an OAuth 2 consumer, it uses OAuth 1. (The error handling should be improved: T245050) --Tgr (WMF) (talk) 19:21, 13 February 2020 (UTC)[reply]

@Tgr: Thank you Tgr, your work really helped us. we really want OAuth to work on our local media wiki. Could you please approve another consumer application Tewiki-IIITH1.0 [1.0] which I proposed recently with OAuth 1.0 protocol version. Thank you again for your suggestions and work. Kasyap (talk) 05:48, 14 February 2020 (UTC)[reply]

@Kasyap: it was just approved by User:BDavis (WMF). Sorry about OAuth documentation and error messages being so poor :( --Tgr (WMF) (talk) 06:27, 14 February 2020 (UTC)[reply]

@Tgr: Thankyou for reply :)


@Tgr:, I think I hit the same issue with the DiBabel app - I just re-submitted the OAuth v1.0, please approve. Thx! --Yurik (talk) 01:52, 25 July 2020 (UTC)[reply]

Is it possible to switch my application from OAuth 2 to OAuth 1?[edit]

Hi Tgr, thank you for approving my OAuth request.

After I submitted the application, I realized that the Java library that I planned on using to run the OAuth flow (scribejava) only provides an implementation of OAuth 1 for Mediawiki and I would really like to use this library. Would it be possible to switch my application to OAuth 1? When I ran this example, just replacing the consumer key and consumer secret with the credentials that where given to me after the application, I get a "non-approved OAuth application" error, but that's probably because I try to apply OAuth 2 credentials to an OAuth 1 process.

Thanks in advance for your answer, Nonoxb (talk) 19:55, 2 March 2020 (UTC)[reply]

@Nonoxb: It's not, you need to propose it via Special:OAuthConsumerRegistration/propose as a new application / new version of the application. --Tgr (WMF) (talk) 00:45, 3 March 2020 (UTC)[reply]

Thank you, will do Nonoxb (talk) 16:21, 3 March 2020 (UTC)[reply]

OAuth approval (WLM tool)[edit]

Hi Tgr, could you look into this? Thank you. --AlessioMela (talk) 12:30, 7 April 2020 (UTC)[reply]

Hello again Tgr, thanks! The project moves on and now has a production domain: autorizzazioni.wikilovesmonuments.it
Should I open another request or is possibile to add a second domain (I want to keep localhost for develop)? I haven't seen how to do. --AlessioMela (talk) 10:32, 14 April 2020 (UTC)[reply]
@AlessioMela: You need to make a new request, there is no way to add or change domains currently. --Tgr (WMF) (talk) 12:55, 14 April 2020 (UTC)[reply]

Questionnaire invitation (a new tool to be developed, to verify media data)[edit]

Hi there, I'm developing a tool to assist users in verifying (structured) data of media on commons.

To understand the community's needs, I would like to invite you to participate in this questionnaire: https://docs.google.com/forms/d/e/1FAIpQLScbNdJdQYN1yBvEeKne48eWDU6SBsdlUfNBAmZyvUEBkCR1Gg/viewform?usp=sf_link. It should take ~2 minutes.

Thanks a lot. :D

(You received this message as you seems to have experience with structured data on Wikimedia projects.)

-- Gabrielchl (talk) 00:12, 21 May 2020 (UTC)[reply]

spi-tools consumer[edit]

Could you verify that this is set up correctly? When I install it in my production server and try to authenticate, I just get "Server Error (500)" and no other information. The development version of that key is working fine. RoySmith (talk) 18:49, 20 July 2020 (UTC)[reply]

@RoySmith: there is not much about an OAuth registration that could be incorrect in itself (it could be different from what the tool needs, of course, but those two consumers are identical so that's probably not the case). Unfortunately our server-side logging of client OAuth errors is pretty much useless so you'll have to figure out the error on your side. Maybe you are providing the wrong callback URL? --Tgr (WMF) (talk) 19:20, 20 July 2020 (UTC)[reply]
OK thanks. At least you confirmed they're the same from your point of view, so that's one less variable. For a moment I thought this might be https://phabricator.wikimedia.org/T258121, but I tried in an incognito window and got the same result. I'll keep hunting. RoySmith (talk) 20:00, 20 July 2020 (UTC)[reply]
I found it. My bad. This is a django app that doesn't do anything with a database except for what social-auth uses for its own purposes. I never initialized the db on the production server, which didn't cause any problems until I started authenticating. Anyway, thanks for your help. RoySmith (talk) 20:31, 20 July 2020 (UTC)[reply]
OAuth does not involve any cookies, FWIW. Anyway, glad to hear you worked it out. --Tgr (WMF) (talk) 14:26, 21 July 2020 (UTC)[reply]

OAuth registration change[edit]

Hi Tgr, my previous application has a mistake in it (it only limit the site to metawiki, which was incorrect), so I submit another proposal. How could I disable the old incorrect ones? Thanks. Bennylin 18:19, 8 May 2021 (UTC)[reply]

Hi @Bennylin! I disabled the previous one. Tgr (WMF) (talk) 19:39, 8 May 2021 (UTC)[reply]
Hi Tgr, something happened to the file that I kept the consumer_secret on, and now I can't retrieve it. Is there a way for me to get it back (key: a1156a41ee24b0c4b151176694845aea)? Thanks, and sorry for troubling you. Bennylin 14:20, 11 May 2021 (UTC)[reply]
@Bennylin no, but you can reset it (Special:OAuthConsumerRegistration/list > manage > Reset the secret key to a new value > Update consumer). Tgr (WMF) (talk) 10:30, 12 May 2021 (UTC)[reply]
Got it, and it's working now. Thanks a lot! Bennylin 00:10, 15 May 2021 (UTC)[reply]

Revision of my OAuth request[edit]

Hello Tgr and thank you for the work you do!

As you requested, I explained what exactly I need regarding Logging in Users for my tool Funpedia, as I requested 2FA permissions, which admittedly was illogic, and you declined the request.

Could you take a look at it and tell me what you think? Do I need to reapply again? The explanation is in my user talk page.

Thank you again! --Destokado (talk) 10:28, 16 June 2021 (UTC)[reply]

Incorrect OAuth protocol version[edit]

I meant for it to be OAuth 2.0, not OAuth 1.0a... oooops... Is there any way to change this? --Vukky (talk) 06:23, 19 August 2021 (UTC)[reply]

@Vukky there isn't, but you can always register another consumer. Tgr (WMF) (talk) 06:52, 19 August 2021 (UTC)[reply]

Approving Depictor[edit]

Thanks for the quick approving! Husky (talk) 19:02, 23 August 2021 (UTC)[reply]

Change callback URL?[edit]

Is it possible to change callback URL for https://meta.wikimedia.org/wiki/Special:OAuthListConsumers/view/7932d734a3c6cd93887b700c465800fb ?

The tool is migrating from https://ru_monuments.toolforge.org/snow/ to https://ru-monuments.toolforge.org/snow/ because of kubernetes issue. Avsolov (talk) 13:06, 10 February 2022 (UTC)[reply]

Hi @Avsolov, unfortunately not, you need to create a new consumer. Tgr (WMF) (talk) 19:45, 10 February 2022 (UTC)[reply]