ThirdParty is a planned system for allowing users to edit Wikipedia using third-party services. It will allow users to grant certain websites permission to edit in their name. Communication between ThirdParty and the other website will happen using cross-document messaging. ThirdParty itself will be implemented entirely on Wikipedia, as a user script which users can install and a set of subpages.
Basic Architecture
editThe other website directs the user to /Connect. If the user is already logged in and using ThirdParty, they will be directed back to the previous page, which will then know that they are logged in. Otherwise, the page will tell the user to log in and give them directions for installing the user script. The other website can then open /API in a hidden iFrame and use cross-document messaging to use the Wikimedia API.
The first time the user uses a new website, they will be asked if they want to allow that website permission to edit in their name while they are logged in to Wikipedia. If they say yes this will be saved to Special:MyPage/ThirdParty Allowed Websites. They will be able to revoke this permission at any time by editing this page or going to /Dashboard.
In the future, customizable permissions may also be set up so a website can be disallowed from certain actions.
Security
editFor each request, the domain will be checked against the list of allowed domains. If the domain is not allowed to edit, the request will not be passed on to the API. Authentication will remain entirely on Wikipedia's servers; the other website will not be able to access the user's credentials, as they cannot be retrieved through the API.
Proposed Names
editThirdParty is a temporary name until a better one is picked. The following names have been proposed:
If you have a suggestion, please tell me!