Last modified: 2014-09-10 03:43:51 UTC
We originally planned to use meta as the central wiki for OAuth. Before we do this, we need to make sure: * All of the help pages are copied across * OAuth admin user rights are assigned to appropriate users - what's the process for this on meta? We probably also need to make sure we have solid policies established for app management (approvals, revocation, etc.) and who is an admins. Once that is in place, we can copy the database across. Since we track user's centralauth id's, no user id translations will need to happen.
If we copy it accross, then the logging table entries will need to be copied over to. These have local user_text and user_id fields. They would need to be replaced with the correct local values... How many apps are on mw.org? Maybe they can just be recreated on metawiki?
(In reply to comment #0) > * OAuth admin user rights are assigned to appropriate users - what's the > process for this on meta? For our initial deployment of the minimum viable product (i.e. today's deployment) we can use the existing structure we've got of staff doing it. For the long term, that's not viable. But, having a system in place to address these questions should be our focus for the next deployment. Control of this needs to be in the hands of the community. If you can switch it over to it working on Meta instead of MediaWiki before today's deployment, then you can do that. If you can't, then let's keep it on MediaWiki and shift over to Meta later. If we can't do an automated migration, pinging people to resubmit their authorisation requests shouldn't be the worst thing in the world to have to do. I'd say we can just give this to the stewards. But that's the easy part. The hard part is the social structure for who should get grants. Because this is somewhat distributed (each individual project can have its own grants) a structure like we have for advanced permissions should work. That is, we can give the actual power to the stewards, and let each individual project come up with some social structure to handle when the stewards should flip the switch. Projects that are too small to have that structure in place can have it handled by the stewards.
I decided to stick with mw.o for today, and we'll look at doing this switch sometime on or after Dec 2 (next open deployment date). <Aaron|home> so that would make mw.org the central wiki <csteipp> Aaron|home: Yeah, I think I'd rather do that in another window later. <Aaron|home> so any extra consumers after now will also get nuked? I guess you could do that <csteipp> I was planning to copy over any consumers, keeping the id, key, secret, but make them all pending. And then approve them with a comment like "See approval [[X]]" pointing to the mw.o log. <csteipp> Authorizations I would just copy over as is <Aaron|home> so they won't have any propose log entries? <csteipp> Correct <Aaron|home> there are 2 of them right? <csteipp> 2 approved last I checked... <csteipp> let me look though <Aaron|home> http://www.mediawiki.org/wiki/Special:OAuthListConsumers <Aaron|home> a few more <Aaron|home> though only 2 interesting ones <Aaron|home> I guess the logs could be copied over with a little script too * Aaron|home adds that to his TODO file
We need to migrate this to Meta in order to put it in a place that makes sense for the stewards. Setting priority accordingly.
(In reply to Dan Garry from comment #4) > We need to migrate this to Meta in order to put it in a place that makes > sense for the stewards. Setting priority accordingly. Dan: Who is going to work on this? Any timeframe?
(In reply to Andre Klapper from comment #5) > (In reply to Dan Garry from comment #4) > > We need to migrate this to Meta in order to put it in a place that makes > > sense for the stewards. Setting priority accordingly. > > Dan: Who is going to work on this? Any timeframe? I'm unsure on both fronts, honestly. We currently have little (read: no) engineering resourcing towards OAuth specifically.
It would be good to finalize our DB schema before we move it over, so we don't have to do db updates to meta after the move. Added some potential blockers to that. I think the Stewards have all been ok with taking ownership, and the process in general. Otherwise, Aaron and I just need to work out the checklist for the transfer, and try a couple dry runs.
Change 121131 had a related patch set uploaded by CSteipp: Add maintenance script to copy db tables https://gerrit.wikimedia.org/r/121131
Change 122867 had a related patch set uploaded by CSteipp: Move OAuth logs to another wiki https://gerrit.wikimedia.org/r/122867
Change 121131 merged by jenkins-bot: Add maintenance script to copy db tables https://gerrit.wikimedia.org/r/121131
Change 122867 merged by jenkins-bot: Move OAuth logs to another wiki https://gerrit.wikimedia.org/r/122867
All patches merged, resetting bug report status.
This ticket has been highest priority for four months now. Does this still reflect reality, and if so, who is supposed to continue working on this and when?
I think it's highest in that it's the project I work on if I have time. The reality is nobody is directly assigned to work on OAuth right now, so it's really just me in my spare time. So it's nice to keep it at the top of the priority list until it gets completed, but I'm not sure what kind of timeframe we have for it.