Replace link to WMF privacy policy with link to app's privacy policy on OAuth authorize dialog
Open, HighPublic
Actions

Assigned To

None

Authored By

	• csteipp
	Mar 15 2014, 1:32 AM

Description

OAuth apps have their own rules for handling private data, which are different from the WMF privacy rules. Users should be using such apps at their own risk, but to be able to evaluate such risk, there should be some way to evaluate the app's privacy policy & data retention rules.

We should add a new field (oarc_privacy_policy_url or similar) to the consumer table, ask the owner for a privacy policy URL when registering the app, and display that URL in the authorization form.

Details

Reference: bz62686

Related Objects
Search...

Status	Assigned	Task
Open	None	T90925 General authentication improvements for MediaWiki
Open	None	T86869 Support a nice sso experience with MediaWiki's OAuth
Resolved	• dpatrick	T68493 Special:OAuth doesn't provide a grant to access to private info of users
Open	None	T75062 OAuth permission screen needs redesign for better usability and comprehension
Open	None	T64686 Replace link to WMF privacy policy with link to app's privacy policy on OAuth authorize dialog
Open	None	T98843 Store a link to app's privacy policy in OAuth consumer registration form
Open	None	T64687 Add warning for user on /authorize about privacy policy

Event Timeline

• bzimport raised the priority of this task from to High.Nov 22 2014, 2:53 AM

• bzimport added a project: MediaWiki-extensions-OAuth.

• bzimport set Reference to bz62686.

• bzimport added a subscriber: Unknown Object (MLST).

• csteipp created this task.Mar 15 2014, 1:32 AM

• csteipp added a parent task: T86869: Support a nice sso experience with MediaWiki's OAuth.Jan 22 2015, 10:53 PM

Ricordisamoa subscribed.Feb 12 2015, 10:02 AM

bd808 added a parent task: T68493: Special:OAuth doesn't provide a grant to access to private info of users.Feb 25 2015, 10:53 PM

bd808 mentioned this in T75062: OAuth permission screen needs redesign for better usability and comprehension.Mar 6 2015, 2:47 AM

bd808 added a parent task: T75062: OAuth permission screen needs redesign for better usability and comprehension.

bd808 moved this task from Backlog to UI/UX on the MediaWiki-extensions-OAuth board.Mar 6 2015, 10:15 PM

bd808 added a project: Reading-Infrastructure-Team-Old (Don't use).Mar 30 2015, 7:34 PM

bd808 subscribed.

• csteipp mentioned this in T59457: Split privacy policy message into link and display text.Apr 13 2015, 5:50 PM

MarkTraceur mentioned this in T64687: Add warning for user on /authorize about privacy policy.Apr 14 2015, 11:01 PM

Tgr added a parent task: T69051: Privacy policy text should be aligned with the rest of the text, not outdented.May 12 2015, 10:19 AM

Tgr renamed this task from Remove link to WMF privacy policy on OAuth Authorize to Replace link to WMF privacy policy with link to app's privacy policy on OAuth authorize dialog.May 12 2015, 10:22 AM

Tgr updated the task description. (Show Details)

Tgr set Security to None.

Tgr added a subtask: T98843: Store a link to app's privacy policy in OAuth consumer registration form.

Tgr mentioned this in T69082: Message describing OAuth activities is confusing to end user (in context of Wikidata Game).May 12 2015, 1:52 PM

Tgr removed a parent task: T86869: Support a nice sso experience with MediaWiki's OAuth.May 12 2015, 3:26 PM

Tgr removed a subtask: T58946: Add URL for OAuth Consumers.Jun 23 2015, 12:07 AM

Tgr added a subtask: T64687: Add warning for user on /authorize about privacy policy.Jun 23 2015, 12:13 AM

Tgr removed a parent task: T69051: Privacy policy text should be aligned with the rest of the text, not outdented.Jun 29 2015, 7:18 PM

Tgr added a project: Epic.

Tgr subscribed.

Anomie mentioned this in T68493: Special:OAuth doesn't provide a grant to access to private info of users.Jun 29 2015, 8:06 PM

• dpatrick claimed this task.Jul 15 2016, 3:08 AM