Wikimedia Engineering Productivity Team/Read papers and talk/2020-12-07


 * The OAuth 2.0 Authorization Framework
 * https://tools.ietf.org/html/rfc6749

Presentation

 * https://files.liw.fi/temp/oauth2.pdf temporarily

Discussion

 * Zeljko: this one was hard to read
 * Liw: my memory is that this was short and easy, but that was in contrast to OpenID Connect
 * One of my side projects is explaining this as I wish someone would have explained it to me
 * Elena: https://yuck.liw.fi/ + presentation is useful
 * LIW: good practice for authentication service provider to remind people. It would be nice to have a time-limited authorization; i.e., I authorize this for 3 months.
 * Zeljko: I remember giving username and password in the past
 * LIW: OpenID Connect is built on top of OAuth2. These things are not beginner-friendly. SAML is awful :)
 * general discussion about how the internet's now terrible
 * Enabled by default on all wikis (except private wikis), abused by phab