
Cookie based API instead of OAuth
Closed, Wontfix (Public)

Description

It would be nice to be able to query Phabricator via browser extensions. This allows us to write extensions that use the privileges of the current user: for example, mousing over a task (in some other UI) can do an XHR to Phabricator to ask for task status, task title, etc. Right now, I can create an API app but it won't get the auth powers of the user currently on the browser and logged in to Phabricator.

(sorry if this already exists; my Google skills didn't show much)

Event Timeline

devd updated the task description.
devd added a subscriber: devd.
epriestley claimed this task.
epriestley added a subscriber: epriestley.

I don't plan to pursue this. I consider it highly desirable that users must explicitly grant permission to OAuth clients.

There will be a JS-based way to OAuth eventually, and OAuth will get more powerful than it currently is.

(Phabricator itself implements mouseover hovers using OAuth, e.g. with JIRA and Asana.)