Page MenuHomePhabricator
Create Task
Maniphest T142303

Two-account workflow is not available with OAuth
Closed, ResolvedPublic
Actions

Description

Pywikibot normally uses two accounts: a bot account and a sysop account, the latter only for actions which need elevated permissions. When using OAuth as the authentication method, this possibility is not supported.

(IMO separate bot accounts are a relic of the past: OAuth allows you to prevent access to scary permissions like editinterface, and can tag actions that happen through OAuth, so there is no need for a separate account anymore. Workflows have their momentum, though, so it would be nice if it was supported anyway.)

Related Objects

Event Timeline

Tgr created this task.Aug 6 2016, 6:40 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 6 2016, 6:40 PM
Tgr mentioned this in T142155: Bot can't login. keyError in GetCookie.Aug 7 2016, 2:34 AM
Anomie subscribed.Aug 7 2016, 9:19 PM

Note there's no reason it can't support two accounts. It just has to use OAuth credentials for the normal or sysop account as appropriate when sending the request instead of re-logging-in or swapping cookie jars (I don't know which it might do) to switch between the two.

whym mentioned this in T102602: Add OAuth support for Pywikibot.Oct 29 2016, 3:07 AM
Alkamid subscribed.Oct 30 2016, 12:42 PM
Masti subscribed.Nov 28 2016, 6:42 PM
Phabricator_maintenance added a project: Pywikibot.Mar 23 2019, 10:14 PM
Restricted Application added a subscriber: pywikibot-bugs-list. · View Herald TranscriptMar 23 2019, 10:14 PM
Dalba mentioned this in T229293: invalid CSRF token error shown with each block.Aug 17 2019, 4:43 AM
Huji subscribed.Aug 17 2019, 12:55 PM

I am not fluent in MW API, so let me ask this: is there a way to ask the API "who am i"? Or "which groups am I a part of"? Because if so, then all Pywikibot has to do is when OAuth is used it should check to make sure it is indeed authenticated using a sysop account before trying each sysop action.

Dvorapa subscribed.Aug 19 2019, 8:45 AM

before trying each sysop action.

or just once and then cache the result

Anomie added a comment.Aug 27 2019, 7:24 PM
In T142303#5419491, @Huji wrote:

I am not fluent in MW API, so let me ask this: is there a way to ask the API "who am i"? Or "which groups am I a part of"?

https://www.mediawiki.org/w/api.php?action=query&meta=userinfo&uiprop=groups

Huji added a comment.Aug 27 2019, 8:17 PM
In T142303#5443329, @Anomie wrote:
In T142303#5419491, @Huji wrote:

I am not fluent in MW API, so let me ask this: is there a way to ask the API "who am i"? Or "which groups am I a part of"?

https://www.mediawiki.org/w/api.php?action=query&meta=userinfo&uiprop=groups

Fabulous!

Huji added a project: User-Huji.Aug 27 2019, 8:18 PM
Xqt triaged this task as Medium priority.Sep 8 2019, 12:02 PM
Nullzero subscribed.Nov 13 2019, 11:44 PM
Aklapper removed a subscriber: Anomie.Oct 16 2020, 5:02 PM
Xqt closed this task as Resolved.Sep 26 2022, 10:52 PM
Xqt claimed this task.
Xqt subscribed.

Dualism of bot accounts was given up years ago

Xqt removed Xqt as the assignee of this task.Sep 26 2022, 10:53 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL