Extension:OAuth/Usage


 * 1) What is OAuth for & Why use it
 * 2) Develop/maintain a tool that people want to use, and that requires a login to Wikipedia
 * 3) OAuth Basics:
 * 4) Provider - Resource Owner/User - Consumer/Client
 * 5) (discuss: key/secret)
 * 6) Identify
 * 7) How do I get started?
 * 8) Requirements
 * 9) Tools: some programming language....
 * 10) Somewhere to store keys and secrets
 * 11) Often a web server
 * 12) Might be some application storage
 * 13) Register your consumer (https://www.mediawiki.org/wiki/Special:OAuthConsumerRegistration)
 * 14) Application name
 * 15) Permissions needed by the app (you'll version these)
 * 16) Callback URL (pointing back to the app -- see OAuth basics)
 * 17) Discuss fields one-by-one
 * 18) Obtain consumer key/secret **Make sure you store the secret in a secure location.  This is your only chance to do so.** (You can generate new secrets)


 * 1) Implementing OAuth in your tool
 * 2) Consider libraries -- depends on language and framework
 * 3) * (See Extensions page)

Step 0: User requests login


Step 1: Initiate request

 * 1) Here, we request a "resource owner token" (aka: oauth_token) and "resource owner secret" from "Special:OAuth/initiate"
 * 2) * They will be returned (application/x-www-form-urlencoded) as oauth_token= &oauth_token_secret=

Step 2: User authorizes consumer/client

 * 1) Next, we redirect the user to MediaWiki ("Special:OAuth/authorize") to authorize your app
 * 2) ?title=Special%3AOAuth%2Fauthorize&oauth_consumer_key=85c9f176fcb96952f1b3b967cbb4ef9e&oauth_token=6dc418ce420e133b6941e2bbe7ae1fce
 * 3) User hits "OK" and MediaWiki sends the user back to your "callback URL" (see OAuth basics)

Complete request
Handle redirect callback (see Callback URL & OAuth basics)
 * 1) MediaWiki sends the user back to ?oauth_verifier=4d81bd0eabd7eca168d299037fedafc1&oauth_token=6dc418ce420e133b6941e2bbe7ae1fce
 * 2) * You must check that the "oauth_token" matches the "resource owner's" key ("oauth_token" from request to "Special:OAuth/initiate")
 * 3) Assuming that the user said OK: Request the *real* key and secret from ?title=Special%3AOAuth%2Ftoken
 * 4) * They will be returned (application/x-www-form-urlencoded) as oauth_token= &oauth_token_secret=
 * 5) ** AKA "resource owner key" and "resource owner secret"
 * 6) Store this for future requests on behalf of the user.
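
The consumer-side checks from steps 1 to 3, as an added example (not code from the extension or its documentation): it parses the form-encoded token reply, builds the authorize redirect, and rejects a callback whose "oauth_token" does not match the one issued to this session. The wiki URL, the callback host, the `session` dict and all function names are assumptions, and the OAuth request signing that a library would handle is left out.

```python
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

# Assumed wiki entry point; the page only gives the query strings.
INDEX_PHP = "https://wiki.example.org/w/index.php"


def parse_token_response(body):
    """Parse the form-encoded reply from Special:OAuth/initiate or /token."""
    fields = parse_qs(body, strict_parsing=True)
    try:
        return fields["oauth_token"][0], fields["oauth_token_secret"][0]
    except KeyError as exc:
        raise ValueError(f"response is missing {exc}") from None


def authorize_url(consumer_key, request_token):
    """URL the user is redirected to in step 2."""
    query = urlencode({
        "title": "Special:OAuth/authorize",
        "oauth_consumer_key": consumer_key,
        "oauth_token": request_token,
    })
    return f"{INDEX_PHP}?{query}"


def handle_callback(callback_url, session):
    """Validate the redirect; return (token, secret, verifier) for the token request."""
    params = parse_qs(urlsplit(callback_url).query)
    returned = params.get("oauth_token", [""])[0]
    verifier = params.get("oauth_verifier", [""])[0]
    # pop() makes the stored token single-use, so a replayed callback fails.
    pending = session.pop("request_token", None)
    if pending is None or not verifier:
        raise PermissionError("no login in progress or missing oauth_verifier")
    expected, secret = pending
    # Constant-time comparison with the token returned by Special:OAuth/initiate.
    if not hmac.compare_digest(returned.encode(), expected.encode()):
        raise PermissionError("oauth_token does not match this session")
    return expected, secret, verifier


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    demo = {"request_token": parse_token_response("oauth_token=abc&oauth_token_secret=s3")}
    print(authorize_url("constructed-consumer-key", "abc"))
    print(handle_callback("https://tool.example.org/cb?oauth_verifier=v1&oauth_token=abc", demo))
```

Keep the `session` contents server-side and keyed to the user's browser session, since they hold the token secret.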