Help:OAuth/zh

OAuth 是一种提供站外已连接应用使用你的身份操作维基百科的认证方式. 通过这种认证方式，你可以授予一个已连接应用操作你的账户，而无需提供密码. OAuth 已被全世界众多网站所采用，如 Google 和 Flickr.

常见问题
如果你的疑问并未得到解答，请在讨论页提问，热心用户将会为你解答.

OAuth 安全吗？
是的，OAuth本身即是设计为一种安全的第三方认证方式.

首先，OAuth允许第三方应用操作你的账户，而无需你提供密码. 只有那些你已授权的应用可以操作你的账户，如果你取消授权，这个应用将立即无法操作你的账户.

其次，每一个你所授权的第三方应用都只能进行你所授权的操作. 这就像是，假设你是一个管理员，你授权了一个只要求基础权限的应用，如果这个应用想要删除页面（需要管理员权限），这个请求将立即被否决. 在此之前，如果你向第三方应用提供了密码，你将只能期盼于应用开发者不会做出那些过分的事情了.

这将如何立刻影响到我？
应用无法在未得到授权的时候操作你的账户，所以在你决定要使用一个用了OAuth的应用之前，你将不会受到影响.

我该如何将应用连接到我的账户？


If an application wishes to use OAuth to take actions on your behalf, you will have to authorize it to do so. Applications cannot take any actions on your behalf without authorization.

When an application asks you to authorize it, you will be presented with a dialog which tells you the what rights the application has asked for (see image on the right). If you click "Cancel", the authorization process is declined. If you click "Allow", the application will be authorized to take the actions listed in the dialog.

A list of currently approved applications is available at Special:OAuthListConsumers.

How can I see what applications are connected to my account?
The page Special:OAuthManageMyGrants (which is also accessible from the "User profile" tab in your preferences) lists all the applications you have authorized to access your account. From this page, you can also adjust and revoke grants.

How do I remove an application's ability to access my account?
Go to Special:OAuthManageMyGrants, find the application you want to remove access for, and click "revoke access". Then, on the page that opens, click the "Deauthorize" button.

Once an application is deauthorized, it will no longer be able to access your account or take any actions on your behalf. You will have to go through that application's authorization process again in order for it to access your account.

How do I change what actions an application can take with my account?
Go to Special:OAuthManageMyGrants, find the application you want to modify the permissions for, and click "manage access". From here you can revoke any individual permissions, excluding "Basic rights" which are the minimal rights required by all connected applications to function.

Please note that altering or removing permissions from an application's grant may cause the application to stop working properly for you.

Can I see an example of how OAuth works?
Brad Jorsch has put together an example of how OAuth works called "OAuth Hello World!". To try it, go to https://tools.wmflabs.org/oauth-hello-world/.

Where can I register my own application?
Here. (Make sure to use "http://" in the callback URL or the callback won't work!)