Help:OAuth/it

 'OAuth'  è un mezzo per dare alle applicazioni esterne collegate la possibilità di eseguire modifiche e altre azioni a vostro nome. Con l'utilizzo di questo protocollo di autenticazione, è possibile autorizzare ("grant") a un'applicazione connessa la capacità di agire per conto vostro, senza la necessità di divulgare la password. Il protocollo OAuth è ampiamente utilizzato anche da altri siti web, tra i più importanti come Google e Flickr.

Un esempio di come OAuth può essere utilizzato sulle Wiki's di Wikimedia è l'aiutante di editing delle immagini CropTool.

Domande frequenti
Se la vostra domanda non trova risposta qui, non esitate a chiedere nella pagina di discussione e qualcuno risponderà per voi.

OAuth è sicuro?
Sì, il protocollo OAuth è progettato per essere un metodo sicuro per l'autorizzazione di terze parti.

In primo luogo, OAuth consente ai siti web di terze parti di accedere al tuo account senza dover dare loro la password. Le applicazioni sono in grado di accedere al tuo account se e solo se si autorizza a farlo, e se si revoca, l'applicazione non potrà più effettuare azioni per vostro conto.

Secondly, each third-party website you authorize is only allowed to take the specific actions you authorized it to. This means that, for example, if you are an administrator and you authorize an application that asks only for "Basic rights", if the application tries to delete a page (which requires admin rights) then that wiki will reject the request. Previously, if an application had your password, you were relying on the assurances of the author of the application that it would not use your advanced rights.

How does this affect me right now?
Applications cannot take any actions on your behalf without authorization, so until you decide you want to use an application which uses OAuth, you're not affected at all.

How do I connect an application to my account?


If an application wishes to use OAuth to take actions on your behalf, you will have to authorize it to do so. Applications cannot take any actions on your behalf without authorization.

When an application asks you to authorize it, you will be presented with a dialog which tells you what rights the application has asked for (see image on the right). If you click "Cancel", the authorization process is declined. If you click "Allow", the application will be authorized to take the actions listed in the dialog.

A list of currently available applications is available at Special:OAuthListConsumers.

How can I see what applications are connected to my account?
The page Special:OAuthManageMyGrants (which is also accessible from the "User profile" tab in your preferences) lists all the applications you have authorized to access your account. From this page, you can also adjust and revoke grants.

How do I remove an application's ability to access my account?
Go to Special:OAuthManageMyGrants, find the application you want to remove access for, and click "revoke access". Then, on the page that opens, click the "Deauthorize" button.

Once an application is deauthorized, it will no longer be able to access your account or take any actions on your behalf. You will have to go through that application's authorization process again in order for it to access your account.

The management interface is global - it will show the same applications, no matter which Wikimedia wiki you are on.

How do I change what actions an application can take with my account?
Go to Special:OAuthManageMyGrants, find the application you want to modify the permissions for, and click "manage access". From here you can revoke any individual permissions, excluding "Basic rights" which are the minimal rights required by all connected applications to function.

Altering or removing permissions from an application's grant may cause the application to stop working properly for you.

Can I see an example of how OAuth works?
Brad Jorsch has put together an example of how OAuth works called "OAuth Hello World!". To try it, go to https://tools.wmflabs.org/oauth-hello-world/.

Where can I register my own application?
Here. (Make sure to include the protocol (i.e. " http:// " or " https:// ") in the callback URL or the callback won't work!)

Vedi anche

 * OAuth Hello World application written in PHP
 * flask-mwoauth library


 * OAuth/For Developers
 * OAuth/Owner-only consumers