Last modified: 2013-11-10 21:53:59 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and kept for historical purposes. It is not possible to log in, and apart from displaying bug reports and their history, links might be broken. See T57718, the corresponding Phabricator task, for complete and up-to-date bug report information.
Bug 55718 - Provide log of OAuth-related actions
Status: NEW
Product: MediaWiki extensions
Classification: Unclassified
Component: OAuth
Version: unspecified
Hardware: All All
Importance: Low enhancement
Assigned To: Nobody
Keywords: easy
Reported: 2013-10-14 22:08 UTC by MZMcBride
Modified: 2013-11-10 21:53 UTC
Description MZMcBride 2013-10-14 22:08:36 UTC
Looking at [[testwiki:Special:MWOAuthManageMyGrants]], there's no (exposed) log of OAuth-related actions (changing grants, authorizing an app, deauthorizing an app, etc.). It would be nice if there were a per-user log.

Comment 1 Aaron Schulz 2013-10-21 23:06:11 UTC
The actions a regular user takes are not logged (just like me changing my preferences is not logged). I'm not sure why this should be logged.

Comment 2 MZMcBride 2013-10-21 23:54:53 UTC
(In reply to comment #1)
> The actions a regular user takes are not logged (just like me changing my
> preferences is not logged). I'm not sure why this should be logged.

I agree that typical actions, such as logging in or logging out, don't need to be logged.

But, as I understand it, we're talking about granting or revoking outside applications access to your account. I think this should be logged on a per-user basis, publicly or privately.

Comment 3 Dan Garry 2013-10-22 15:29:45 UTC
(In reply to comment #2)
> But, as I understand it, we're talking about granting or revoking outside
> applications access to your account. I think this should be logged on a
> per-user basis, publicly or privately.

Given that each edit will be tagged with the OAuth consumer ID that performed the action, I presently see no benefit to logging this.

Comment 4 MZMcBride 2013-10-23 01:43:28 UTC
(In reply to comment #3)
> Given that each edit will be tagged with the OAuth consumer ID that performed
> the action, I presently see no benefit to logging this.

You don't see any benefit to providing a log? This seems a bit short-sighted.

Though even if we accepted that there's little benefit, do you see any possible harm from implementing such a log?

Comment 5 Dan Garry 2013-10-23 08:18:18 UTC
(In reply to comment #4)
> You don't see any benefit to providing a log? This seems a bit short-sighted.

Why don't you tell me what the actual benefit is, then? You've not done that so far in this bug. Then I'm more than willing to reconsider my position.

> Though even if we accepted that there's little benefit, do you see any
> possible harm from implementing such a log?

No. However, since I also see no benefit, this is very low on my list of priorities.

Comment 6 MZMcBride 2013-10-23 20:33:44 UTC
(In reply to comment #5)
> Why don't you tell me what the actual benefit is, then?

Let's try a real-life example. Here's an edit made by your account on the test Wikipedia:

---
21:58, 19 September 2013 (diff | hist) . . (+317) . . User talk:Deskana (→Hello, world: Hello from OAuth!) (current) (Tag: OAuth CID: 1)
---

From the revision tag, we can see that the edit was made via an OAuth application. How do you prove or disprove that this application was authorized to make an edit on your behalf?

Comment 7 Brad Jorsch 2013-10-24 16:38:44 UTC
(In reply to comment #6)
> From the revision tag, we can see that the edit was made via an OAuth
> application. How do you prove or disprove that this application was
> authorized to make an edit on your behalf?

Because if it wasn't then it couldn't have made the edit? It's like asking how you prove or disprove that someone had the user right to delete a page that they deleted. Absent major bugs or manipulation by people with shell access, you know the person had the user right because they were able to make use of it, and "so I can detect rare major bugs" doesn't seem very compelling.

A better example, perhaps, would be if you wanted to be able to audit when exactly you gave that app permission to make edits on your behalf.

Comment 8 MZMcBride 2013-10-24 18:09:07 UTC
(In reply to comment #7)
> (In reply to comment #6)
>> From the revision tag, we can see that the edit was made via an OAuth
>> application. How do you prove or disprove that this application was
>> authorized to make an edit on your behalf?
> 
> Because if it wasn't then it couldn't have made the edit? It's like asking
> how you prove or disprove that someone had the user right to delete a page that
> they deleted.

Surely I needn't be the one to point out that all user group changes are logged in MediaWiki core (cf. [[Special:Log/rights]]). :-)

> A better example, perhaps, would be if you wanted to be able to audit when
> exactly you gave that app permission to make edits on your behalf.

Sure, human memory being notoriously fickle is another great reason to keep a log. I nearly mentioned this above, but forgot. (-;

I think logging privilege escalation and de-escalation is an obvious feature to include, though I can't do more than shrug at some of the responses on this bug report. I think time and experience will bear me out on this one.

Comment 9 Brad Jorsch 2013-10-24 18:13:13 UTC
(In reply to comment #8)
> (In reply to comment #7)
> > (In reply to comment #6)
> >> From the revision tag, we can see that the edit was made via an OAuth
> >> application. How do you prove or disprove that this application was
> >> authorized to make an edit on your behalf?
> > 
> > Because if it wasn't then it couldn't have made the edit? It's like asking
> > how you prove or disprove that someone had the user right to delete a page that
> > they deleted.
> 
> Surely I needn't be the one to point out that all user group changes are
> logged in MediaWiki core (cf. [[Special:Log/rights]]). :-)

But you don't need to use that log in the case you mentioned. You would use it for auditing, which is somewhat more interesting because there are other users involved in the granting/removal of the rights and there are comments by those users.

Comment 10 Dan Garry 2013-11-10 21:45:26 UTC
This is a useful enhancement for the future, but does not block deployment.
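
The audit use case debated in comments 6 to 8, as an added example that is not part of this bug report or of the OAuth extension's code: given a per-user log of authorize/update/deauthorize events, replay it to check which consumer-tagged edits are covered by a grant that was active at edit time. The log schema, action names and grant names are assumptions, and all sample entries are constructed (only the 21:58, 19 September 2013 edit with CID 1 comes from the thread).

```python
from datetime import datetime

# Constructed per-user log entries (hypothetical schema, not MediaWiki's):
# (timestamp UTC, action, consumer id, grants held after the action)
GRANT_LOG = [
    ("2013-09-19T21:50:00", "authorize",   1, {"edit"}),
    ("2013-09-22T09:00:00", "update",      1, {"read"}),   # edit grant dropped
    ("2013-09-30T12:00:00", "deauthorize", 1, set()),
    ("2013-10-01T08:00:00", "authorize",   2, {"edit"}),
]

# Constructed tagged edits: (timestamp UTC, consumer id from the revision tag, page)
EDITS = [
    ("2013-09-19T21:58:00", 1, "User talk:Deskana"),  # time and CID as in comment 6
    ("2013-09-23T10:00:00", 1, "Sandbox"),            # after the edit grant was dropped
    ("2013-09-30T13:00:00", 1, "Sandbox"),            # after deauthorization
    ("2013-10-01T07:00:00", 2, "Sandbox"),            # before consumer 2 was authorized
    ("2013-10-01T09:00:00", 2, "Sandbox"),
]

def grants_at(log, consumer_id, when):
    """Replay the log in time order; return the grants the consumer held at `when`."""
    held = set()
    for ts, action, cid, grants in sorted(log, key=lambda e: e[0]):
        if datetime.fromisoformat(ts) > when:
            break
        if cid == consumer_id:
            held = set() if action == "deauthorize" else set(grants)
    return held

def unexplained_edits(log, edits, needed="edit"):
    """Return tagged edits that no logged authorization accounts for."""
    return [
        (ts, cid, page)
        for ts, cid, page in edits
        if needed not in grants_at(log, cid, datetime.fromisoformat(ts))
    ]

def grant_history(log, consumer_id):
    """Answer 'when exactly did I give this app permission?' from the log."""
    return [(ts, action, sorted(g)) for ts, action, cid, g in log if cid == consumer_id]

if __name__ == "__main__":
    for row in unexplained_edits(GRANT_LOG, EDITS):
        print("no matching grant:", row)
```

Without such a log, the revision tag alone identifies the consumer but gives no record of when, or with which grants, the user authorized it.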
