User:Deskana (WMF)/OAuth consumer guidelines

OAuth is an open, secure protocol designed to give outside ("connected") applications the ability to perform edits and other actions on your behalf. An OAuth consumer is the application which is given this ability. This page details guidelines on when an application can become an OAuth consumer, and when it can have that status removed.

The stewards currently handle requests to be OAuth consumers.[1] If you are developer who wishes to register an application to be an OAuth consumer, please fill out the form here after reading the guidelines below.

Conditions for granting of OAuth consumer rights


An application may be granted status as an OAuth consumer if:

  • The accounts of all publishers of the application are active and in good standing in the Wikimedia community.
  • The application has a clearly described purpose.
  • The requested permissions match, and do not exceed, the described purpose.

Conditions for revocation of OAuth consumer rights


An application's status as an OAuth consumer may be temporarily or permanently revoked if:

  • The application appears to be malfunctioning.
  • The application is being misused and causing damage to the projects that cannot be feasibly undone in a quick and timely fashion.
  • The application is causing excessive strain on the servers, or causing other technical difficulties.

Should an application's status be revoked, the publishers of that application will be informed by email. This email will explain whether the revocation is intended to be temporary or permanent, and will include what steps need to be taken, if any, for the application's status to be restored.


  1. Wikimedia Foundation employees with staff rights also have the technical ability to manage OAuth consumer requests. Wikimedia Foundation staff use these rights for situations such as revoking consumer rights in the case that a consumer is causing excessive strain on the servers or causing other technical difficulties.

See also