Thread:Talk:OAuth/OAuth 2 over https

That response on OAuth 2 over https is misleading. OAuth 1 included reasonable levels of security even without https, OAuth 2 removed them because they thought the signatures were too complex (And as far as discoverability the OAuth 2 editor has some negative comments about signature removal).

If this is going to be a real MediaWiki feature rather than something practically Wikipedia only then what we're really going to have to aim for is an abstract interface which is extended by extensions implementing OAuth 2, OAuth 1, and perhaps some other form of auth not something written from the start to only support OAuth 2.