Wikimedia Engineering Productivity Team/Read papers and talk/2020-12-07
- The OAuth 2.0 Authorization Framework
- https://tools.ietf.org/html/rfc6749
Presentation
- https://files.liw.fi/temp/oauth2.pdf temporarily
Add questions to Lars here, to be answered after presentation
Discussion
- Zeljko: this one was hard to read
- Liw: my memory is that this was short and easy, but that was in contrast to OpenID Connect
- One of my side projects is explaining this as I wish someone would have explained it to me
- Elena: https://yuck.liw.fi/ + presentation is useful
- LIW: good practice for authentication service provider to remind people. It would be nice to have a time-limited authorization; i.e., I authorize this for 3 months.
- Zeljko: I remember giving username and password in the past
- LIW: OpenID Connect is built on top of OAuth2. These things are not beginner-friendly. SAML is awful :)
- general discussion about how the internet's now terrible
- Enabled by default on all wikis (except private wikis), abused by phab