Privileged accounts (from sysop onwards) are now given the possibility to enable two-factor authentication for their accounts. Please add support so sysops and/or other accounts with elevated accesses that have decided to enable this security feature be able to continue using AWB.
|Open||None||T169397 [AutoWikiBrowser] Authentication/Login tickets|
|Open||None||T150582 Support two-factor authentication in AutoWikiBrowser|
I don't think this task is valid. AWB should use either https://en.wikipedia.org/wiki/Special:BotPasswords or OAUTH. And probably atleast be able to tell a user that he cannot login using 2FA and direct him at bot passwords.
Yes, AWB should be probably also supporting OAUTH but I think it can be supporting also this. Do we have a task for that?
It's of course up to the developers of AWB to decide which support should be adding to the tool. To me it does not look harebrained or misbegotten to add support for 2fa with a prompt-for-token window when in the process of logging-in, if that can be achieved of course.
The API supports everything AuthManager supports via action=clientlogin. Using action=login for anything except BotPasswords is deprecated, and AWB should use OAuth instead of BotPasswords for non-interactive login.
Just a reminder that AWB is used on other projects besides the WMF ones. So if OAuth is enabled, the application will still need to function without it on other projects. That could be why it wasn't done.
No, it's why Krenair said. Unless we share said key between Developers... Which is a pain, considering the code is in public code repos
And then any third party developers... would need to modify AWB to use a different OAuth...
Bot Passwords would be the way forward, and/or supporting action=clientlogin instead which can allow 2FA to work
Better documentation is needed big-time; I went looking for info on this a few days ago and didn't find anything relevant until I finally stumbled across Special:BotPasswords itself (though now that I think about it, I probably should have checked Meta and MW.org instead of just en.WP).
If you have enabled 2FA, then you could create a bot password (Special:BotPasswords) and login with those details. That way you can login without needing 2FA. (BotPasswords is IP restricted)