Last modified: 2014-11-13 20:17:55 UTC
Created attachment 17054 [details] Oauth on mobile. when OAuth is triggered on mobile browsers, it still overlays the desktop site, and the dialog is not formatted for mobile screen.
The app owner can fix this by setting the redirect url to a clean mediawiki url (www.mediawiki.org/wiki/Special:OAuth/authorize?whatever), instead of a /w/index.php?title=Special:OAuth/authorize&whatever url. This is because mobile frontend's varnish config doesn't attempt to detect mobile devices for non-clean urls.
Chris. Do you have an example of this working correctly? I've not seen that.
(In reply to Jared Zimmerman (WMF) from comment #2) > Chris. Do you have an example of this working correctly? I've not seen that. I've just updated https://tools.wmflabs.org/oauth-hello-world/index.php to use /wiki/ for the authorization redirect, and it works. Re-marking this as INVALID since it's not a bug in OAuth, but in how the mobile redirect doesn't catch certain URLs.
two issues: That link doesn't seem to work. can you please post the correct one please? Bigger issue: developers are going to link to the wrong page, its just a fact of life, we can't let that error impact our end users who just need to use the apps. I see a few obvious options, feel free to brainstorm more… 1. Always translate the url to one that can dynamically switch to mobile site, irrespective of the url the app developer used. 2. Make the OAuth dialog responsive and mobile formatted irrespective of the site skin 3. make a new non-lightboxed OAuth page that is always responsive, because there is a single version, not a desktop, and mobile version 4.??? In the end, this needs to get fixed, by someone, mobile, platform, etc. We can't penalize the end user for an app developers error, lets make this a good experience for those who need it most.
(In reply to Jared Zimmerman (WMF) from comment #4) > two issues: > That link doesn't seem to work. can you please post the correct one please? The link is fine. But labs is down at the moment, see https://lists.wikimedia.org/pipermail/labs-l/2014-November/003094.html > 1. Always translate the url to one that can dynamically switch to mobile > site, irrespective of the url the app developer used. This one is not something that can be done in the OAuth extension.
Thanks for the update Brad, if option 1 is not possible we need to figure out what is. Do we have number about OAuth usage broken down by general usage, permission grants (successful/unsuccessful) and broken down by access device?
Created attachment 17075 [details] Oauth on mobile overlay OK, so the link provided for the hello world app now works, but we still have some major issues with this. - Title is "OAuth" this is unclear to users - Privacy policy link is not left aligned - non-bulleted list content is not indented to align with text from bulleted list content - Cancel and Allow are not right aligned - permission section header "Interact with pages" is not formatted bold - lack of wiki logo or branding could be confusing
What is this ticket about exactly? I see two different things here: * Comment 0 referred to not showing mobile layout at all. Screenshot implies that Phabricator is the app to fix via steps in comment 1; if still valid that should become a ticket against Phabricator itself. Comment 1 makes me guess it's somewhere in https://gerrit.wikimedia.org/r/#/c/139438/5/src/auth/PhutilAuthAdapterOAuthMediaWiki.php * Comment 7 seems to be about issues with the mobile layout which is not reflected to the current summary of this ticket.
(In reply to Andre Klapper from comment #8) > What is this ticket about exactly? I see two different things here: > > * Comment 0 referred to not showing mobile layout at all. > Screenshot implies that Phabricator is the app to fix via steps in comment > 1; if still valid that should become a ticket against Phabricator itself. > Comment 1 makes me guess it's somewhere in > https://gerrit.wikimedia.org/r/#/c/139438/5/src/auth/ > PhutilAuthAdapterOAuthMediaWiki.php It was fixed, and then unfixed, in Phabricator. Upstream didn't want to handle two urls, and their OAuth1 support wouldn't allow using only clean urls. > * Comment 7 seems to be about issues with the mobile layout which is not > reflected to the current summary of this ticket. I *think* this is what it's about, although iirc, there's already a ticket open for these.
two, semi-seperate issues. 1. Phabricator was pointed to a hard-coded url, which did not autoredirect to mobile as needed, this is logged in phab, and possibly already fixed. 2. A request to change our OAuth, so that even hard coded urls are redirected to mobile, or desktop as needed rather than sending people to the wrong presentation for their device. (this bug)