Topic on Talk:OAuth/For Developers

Jump to navigation Jump to search

What to use as client_id for OAuth2

4
Summary by Iwan.Aucamp

Moved question to here

Iwan.Aucamp (talkcontribs)

I'm trying to make a react based client to be hosted on a static site with [rfc:7636 PKCE flow] (more info here)

When I register an OAuth2 consumer at https://meta.wikimedia.org/wiki/Special:OAuthConsumerRegistration/list I get 3 pieces of info:

  • Client application key
  • Client application secret
  • Access token

The documentation says to use "client token" as "client_id". I have tried all 3 of the values, none work. I navigate to to https://meta.wikimedia.org/w/rest.php/oauth2/authorize?client_id=...&redirect_uri=...&response_type=code&scope=openid&state=,..&code_challenge=...&code_challenge_method=S256&response_mode=query

But this page tells me "Application Connection Error: Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method)". So I guess I'm doing something wrong, first step would be to verify that I am indeed using the correct thing for "client_id".

If someone has an example client that does this that I can have a look at it will be great.

APaskulin (WMF) (talkcontribs)

Thanks for this feedback, @Iwan.Aucamp! The client_id parameter in the example you've given should be populated with the client application key (called the "consumer key" in the Meta-Wiki consumer list view). I've updated this wiki page to clarify some terminology, but I think that major changes to both the docs and the interfaces in Meta are needed to clarify these workflows.

Yurik (talkcontribs)

@Iwan.Aucamp hi, I would like to build a react-based serverless app as well, do you have an example of how you got this solved? Would be a great way to foster simple web-based tools for various Wikipedia tasks. Thx!

Iwan.Aucamp (talkcontribs)

@Yurik I gave up, good luck though and I hope it works out.

Reply to "What to use as client_id for OAuth2"