Navigating to https://api.wikimedia.beta.wmflabs.org/wiki/Special:AppManagement always shows existing clients and allows you to create clients
If you are not already logged in to Beta-Meta, the Beta API Portal app management page appears blank, not showing existing clients, and gives an error when trying to create clients. If you go to Beta-Meta and log in, then come back to the Beta Portal, the app management page works as expected,
For the cross-wiki functionality to operate, you need to be logged in on both API portal and on metawiki, but because it's not in auto-login list, you can end up being logged out of meta and logged in on API portal. In an attempt to address this, we've added API Portal to $wgCentralAuthAutoLoginWikis and allowed read of CentralAuth special pages on api portal, neither resolved the issue.
Steps to reproduce
- Make sure you are logged out of https://meta.wikimedia.beta.wmflabs.org/wiki/Main_Page
- Visit https://api.wikimedia.beta.wmflabs.org/wiki/Special:AppManagement
- See that no existing clients are visible and that you are unable to create a new client (requires permissions)
- Go and log in to https://meta.wikimedia.beta.wmflabs.org/wiki/Main_Page
- Return to https://api.wikimedia.beta.wmflabs.org/wiki/Special:AppManagement and see that the page now works as expected
"Access to XMLHttpRequest at 'https://meta.wikimedia.beta.wmflabs.org/w/rest.php/oauth2/client?limit=5&oauth_version=2&sort=%7B%22property%22%3A%22registration%22%2C%22direction%22%3A%22DESC%22%7D' from origin 'https://api.wikimedia.beta.wmflabs.org' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute."
- Determine whether this issue is specific to the API Portal or not. (Based on some testing with production Meta and Wikipedia, my guess is that it's not.)
- Determine if a fix is possible and how to implement