OAuth (obsolete info)

Could be some benefit to implementing OAuth to provide limited access to account permissions or information to third-party tools (web or client).

OAuth provides a standard protocol for negotiating secure access tokens, which don't reveal usernames or passwords to the third-party tool.

(Consider also OpenID, which doesn't exactly do the same thing. The two can work nicely together... TODO: find some relevant links from the Mozilla Labs presentation last month --brion 00:07, 24 July 2009 (UTC))

Relevant API actions

 * login
 * watchlist, watchlistraw, feedwatchlist
 * deletedrevs

From the "write" API:
 * rollback
 * delete
 * undelete
 * protect
 * block
 * unblock
 * move
 * edit
 * emailuser
 * watch
 * patrol
 * import
 * userrights

Benefits for users

 * Don't have to give their password to third parties
 * Can manage authorisation to third parties from the OAuth provider (ie MediaWiki)
 * see all authorisations they have granted
 * revoke any authorisation without having to change their password and without upsetting the others

Benefits for the wiki

 * Provides a way for third parties to "do the right thing" and not collect passwords
 * Provides a way to identify, on-wiki, actions made by third parties, and easily stop them if necessary

What is needed
(as well as the actual OAuth stuff, or as part of it)
 * Page on MW that lists all applications a user has authorised, and what exactly has been authorised, time limit (a Special page or maybe under Preferences)
 * Way for very privileged users (admins? bcrats?) to revoke an applications' authorisations site-wide (this is in case it "goes rogue")
 * Way to mass-rollback edits made by an application (perhaps similar to Extension:Nuke)