Objectives
- In the API Portal, present developers with an easily understandable set of scopes to choose from when creating clients
- Tailor scopes so that when an app is requesting authorization from a user, the user feels like the scopes being requested are reasonable
- In the API Portal, offer scopes that cover only the functionality provided by API Gateway APIs
- If we need to change the set of offered scopes to account for new APIs added to the gateway, have this happen relatively infrequently so that we don't overwhelm developers with needing to recreate their clients
Background
In T249781, we mapped rights to the core REST API endpoints, but I now think that this was based on a mistaken interaction of the relationship between rights as used by the REST handlers and rights as applied to OAuth clients. What we're looking to determine here is what to include on the API Portal's create client view.
Grant mapping
Grants that map to the functionality provided by the core REST and wikifeeds APIs (APIs for initial gateway launch):
- basic (See question 1)
- highvolume
- editpage (See question 2)
- editprotected
- editmycssjs
- editinterface (See question 3)
- editsiteconfig
- createeditmovepage
- viewdeleted
Grants that do not map to functionality provided by those APIs and do not need to be offered via the Portal:
- editmyoptions
- uploadfile
- uploadeditmovefile
- patrol
- rollback
- blockusers
- viewrestrictedlogs
- delete
- oversight
- protect
- viewmywatchlist
- editmywatchlist
- sendemail
- createaccount
- privateinfo
- mergehistory
- checkuser
- shortenurls
- globalblock
- setglobalaccountstatus
- oath
Questions
1. Does the basic grant allow page editing?
2. Because of the overlap, could we omit editpage in favor of createeditmovepage?
3. Because of the overlap, could we omit editinterface in favor of editsiteconfig?
4. How do grants correspond to the strings shown to users in authorization requests?
Grants to offer in the Portal (pending open questions)
- basic
- createeditmovepage
- viewdeleted
- editprotected
- editmycssjs
- highvolume
- editsiteconfig