Довідка:OAuth
Зверніть увагу! Коли Ви редагуєте цю сторінку, то погоджуєтесь робити свій внесок під ліцензією CC0. Детальніше про умови ліцензії можна дізнатися на сторінці довідки. |
OAuth (short for open authorization) is a means of giving outside ("connected") applications the ability to perform edits and other actions on your behalf. Using this authentication protocol, you can authorize ("grant") a connected application the ability to act using your account without the need to divulge your password, and without getting access to functionality it is not supposed to use. The OAuth protocol is widely used by other websites, including major sites such as Google and Flickr.
An example of how OAuth can be used on Wikimedia wikis is the image editing helper CropTool.
Часті питання
Якщо ви не знайшли відповіді на ваше запитання, не вагайтеся запитувати на сторінці обговорення, де хтось вам відповість.
Чи безпечний OAuth?
Yes, the OAuth protocol is designed to be a secure method for third-party authorization.
Firstly, OAuth allows third-party websites to access your account without you having to give them your password. Applications are able to access your account if and only if you authorize them to do so, and if you revoke that right, then the application will immediately be unable to take actions on your behalf.
Secondly, each third-party website you authorize is allowed to take only the specific actions you authorized it to. This means that, for example, if you are an administrator, and you authorize an application that asks only for "Basic rights", if the application tries to delete a page (which requires admin rights) then that wiki will reject the request. Previously, if an application had your password, you were relying on the assurances of the author of the application that it would not use your advanced rights.
Як це вплине на мене?
Додатки не можуть робити жодних дій від вашего імені без дозволу, тому доки ви не вирішите, що хочете використати додаток, котрий використовує OAuth, на вас це взагалі не позначиться.
Як я можу підключити програму до мого облікового запису?
If an application wishes to use OAuth to take actions on your behalf, you will have to authorize it to do so. Applications cannot take any actions on your behalf without authorization.
When an application asks you to authorize it, you will be presented with a dialog that tells you what rights the application has asked for (see image on the right). If you click "Cancel", the authorization process is declined. If you click "Allow", the application will be authorized to take the actions listed in the dialog. The authorization will remain in effect until you revoke it.
A list of currently available applications is available at Special:OAuthListConsumers.
Як мені побачити, які додатки підключені до мого облікового запису?
The page Special:OAuthManageMyGrants (which is also accessible from the "User profile" tab in your preferences) lists all the applications you have authorized to access your account. From this page, you can also adjust and revoke grants.
Як заборонити додатку доступ до облікового запису?
Go to Special:OAuthManageMyGrants, find the application you want to remove access for, and click "revoke access". Then, on the page that opens, click the "Deauthorize" button.
Once an application is deauthorized, it will no longer be able to access your account or take any actions on your behalf. You will have to go through that application's authorization process again in order for it to access your account.
The management interface is global—it will show the same applications, no matter which Wikimedia wiki you are on.
Як вибрати дії, котрі додаток може робити, використовуючи мій обліковий запис?
Go to Special:OAuthManageMyGrants, find the application you want to modify the permissions for, and click "manage access". From here you can revoke any individual permissions, excluding "Basic rights", which are the minimal rights required by all connected applications to function.
Чи можу я побачити приклад роботи OAuth?
Бред Джорш навів приклад роботи OAuth викликом повідомлення "OAuth Hello World!". Щоб спробувати, переходь на https://oauth-hello-world.toolforge.org/.
Як я можу використовувати OAuth у своєму додатку?
Дивись документацію для розробників.