Reword help about data sharing #73

Merged
merged 11 commits into from
Jan 18, 2021

nichtich
Member

Make clear the data is shared with selected applications and link to /sessions for more information (should be done with #72).

@nichtich nichtich changed the base branch from master to dev January 13, 2021 11:16
@stefandesu
Member

stefandesu commented Jan 14, 2021

Looks good. I'll take a stab at #70 and #72 and we can merge it together.

Edit: I'd suggest to put this all into 0.4.0. Also, all these changes should be sufficient to close #27 and #66 as well.

@stefandesu
Member

One issue with this new wording is that it sounds like the data is only made available for those applications listed under /sessions. But more than one application can use the same session if they are in the same browser, and only the application that initiated the login will be shown in the list. I would suggest listing the "selected applications" somewhere (on the top of /sessions?).

@stefandesu
Member

stefandesu commented Jan 14, 2021

One important piece of information that was missing is that, for some providers, access tokens are saved (and provided to applications) as well. For example, we need the OAuth token and token secret for Wikidata to be able to gain write access.

In case of OAuth, this isn't an issue since they can only be used in combination with an (if I understand correctly, your unique) application token. However, in the easydb integration, the token is also saved since there are plans to use this integration read/write in easydb as well. Those are not application-specific and could, in theory, be abused. (However, I will research if this is actually the case, and even if it is, we only provide access to trusted applications, so it shouldn't be an issue, right?)

Edit regarding easydb: Authenticated session tokens will expire after some (undefined) amount of time. So yes, this token can probably be used to access the easydb instance - that's why we're saving it.

@nichtich
Member Author

> I would suggest listing the "selected applications" somewhere (on the top of /sessions?).

Yes. Or show the application list as part of /help.

@stefandesu stefandesu added this to the 0.4.0 milestone Jan 15, 2021
@stefandesu
Member

I made some adjustments (especially related to #72) and I think this is ready to be merged. @nichtich, can you take one last look at the changes?

@stefandesu stefandesu merged commit 88bb318 into dev Jan 18, 2021
@stefandesu stefandesu deleted the data-sharing branch January 18, 2021 08:28
@stefandesu
Member

I merged it into dev already, but I'd still like to have @nichtich look through before we release the new version.
