A partial archive of https://discourse-mediawiki.wmflabs.org as of Saturday May 21, 2022.

Are OAuth access tokens limited to a single wiki?

LucasWerkmeisterWMDE

When developing a tool that is supposed to work with www.wikidata.org and test.wikidata.org:

  • Do I need two separate OAuth consumers? (I assume not, since consumer registration is on Meta anyways; however, it seems you can’t restrict a consumer to more than one wiki, so this would be a consumer for all wikis.)
  • Do I need to send the user through the authorization process twice to obtain two sets of access tokens, or can access tokens obtained on www.wikidata.org (or meta.wikimedia.org) also be used on test.wikidata.org?

I hope that I can use one set of access tokens across all wikis, but in that case I find it a bit confusing that the documentation of several OAuth libraries I found uses en.wikipedia.org instead of meta.wikimedia.org in their code examples for the authorization process.

Tgr

Authorization happens once per consumer. if it’s a global consumer, it will be authorized globally. You can use any wiki where the consumer is allowed to operate; using enwiki (or in general the wiki most relevant for the consumer) is nicer user experience than using meta.