The problem
We have an internal website (let's call it error-viewer) for triaging errors in a particular service. We want to integrate this website with Maniphest by adding the ability to associate a Maniphest task with each error. We'd like this to be possible without ever having to leave error-viewer.
Specifically, each item in error-viewer should be in one of two states:
(1) Associated with a Maniphest task, in which case the item should have some visual indication of whether the task is open or closed. Users should be able to mark a Maniphest task as open/closed without ever leaving error-viewer.
(2) Not associated with a Maniphest task, in which case the item should have a button that lets me create a Maniphest task without leaving error-viewer.
When a task is created, opened or closed from error-viewer, the associated task in Maniphest should show which user closed the task. It shouldn't say "Maniphest-bot closed this task" -- it should say "rjkaplan closed this task".
Considered solutions
- Create tasks by sending an email to bugs@ourphabricatorinstance.com. This doesn't provide a way to update tasks or query their status from error-viewer.
- Ask the user for their Conduit API certificate and use the Conduit API to make these requests. This is an annoyance for each new person to use our website (they have to find their certificate in the Phabricator UI and give it to us). It's also less secure in all the ways that single-certificate-based auth is less secure than OAuth. Won't go into that here.
- Create an admin user "Conduit-API-bot" and use its Conduit API certificate and the "actAsUser" feature in the Conduit API to pretend to be whatever user is logged in. But the "actAsUser" functionality is deprecated (for good reason).
- Use OAuth! This seems ideal (much easier to go through an OAuth flow than to find your certificate in the Phabricator UI and give it to us - also feels less sketchy) but you can't create tasks through the OAuth API because ManiphestCreateTaskConduitAPIMethod::getRequiredScope resolves to ConduitAPIMethod::getRequiredScope, which returns PhabricatorOAuthServerScope::SCOPE_NOT_ACCESSIBLE.
Suggested solution
Provide a way to create/update/get the open/closed state of tasks via OAuth.
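
The scope check described in the OAuth bullet, as an added standalone model that is neither Phabricator source nor code from the original post. Every class, function and scope name in it (`ApiMethod`, `dispatch`, `task.write`, the token layout) is hypothetical; it shows a deny-by-default base scope refusing an inherited method, and a method that declares its own narrow scope taking the acting user from the token rather than from a request parameter.

```php
<?php
// Standalone model, not Phabricator code. All names below are hypothetical.
const SCOPE_NOT_ACCESSIBLE = 'not-accessible';

abstract class ApiMethod {
  // Deny by default: a method that declares no scope is closed to OAuth clients.
  public function getRequiredScope() { return SCOPE_NOT_ACCESSIBLE; }
  abstract public function execute(array $token, array $params);
}

final class CreateTaskMethod extends ApiMethod {
  // No override, so the base class answer applies (the case in the post).
  public function execute(array $token, array $params) {
    return array('title' => $params['title'], 'author' => $token['user']);
  }
}

final class ScopedCreateTaskMethod extends ApiMethod {
  public function getRequiredScope() { return 'task.write'; } // hypothetical scope
  public function execute(array $token, array $params) {
    // The actor is the token's user, so the task history names the real person.
    return array('title' => $params['title'], 'author' => $token['user']);
  }
}

function dispatch(ApiMethod $method, array $token, array $params) {
  $required = $method->getRequiredScope();
  if ($required === SCOPE_NOT_ACCESSIBLE) {
    throw new RuntimeException('method is not accessible to OAuth clients');
  }
  if (!in_array($required, $token['scopes'], true)) {
    throw new RuntimeException("token lacks scope '{$required}'");
  }
  return $method->execute($token, $params);
}

// Constructed sample token, as error-viewer would hold after the OAuth flow.
$token  = array('user' => 'rjkaplan', 'scopes' => array('task.write'));
$params = array('title' => 'Constructed sample error title');

foreach (array(new CreateTaskMethod(), new ScopedCreateTaskMethod()) as $m) {
  try {
    $task = dispatch($m, $token, $params);
    echo get_class($m), ": created by {$task['author']}\n";
  } catch (RuntimeException $e) {
    echo get_class($m), ": refused ({$e->getMessage()})\n";
  }
}
```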