Thread:Talk:OAuth/OAuth plans/reply (8)

We've been overhauling portions of MediaWiki for awhile, I see no reason to cut corners, not overhaul something that seams like it calls for it, and come out with a half-baked feature for something like this.

The only performance implications new columns have is in schema updates. New tables can also add other performance implications such as JOINS. So we're not going to get away with cutting corners and pretending that we shouldn't overhaul something and instead implement something that doesn't need to take the best decision for performance into account. Whether that's a column change or another table with say a pair of columns that point to a table and a primary key.

And something that doesn't properly associate the app/user to a change in an absolute way, especially something at the granularity of just a timestamp feels very fragile and liable to not work right.

What we're talking about here is code that will allow for a user session that only has partial permissions of a normal user session. Something that MediaWiki naturally was not coded to expect. Naturally it's possible that a feature like this will require a partial overhaul to make work correctly.

Also I don't like the idea of the core functionality of associating a change with an app being implemented in an extension. That seams like something that's liable to not be very compatible with extending into extensions. Some extensions add new api portions, and I'd hate to see an implementation of a feature that includes OAuth and the 3rd parties using it can't use something like LQT's api because LQT can't integrate the code needed to support OAuth in it's api. Or see that such a feature requires a bunch of tests all over extension code to ensure that the extension can actually work when the OAuth extension is not installed.