Per this blog post about Commons' mobile app, it should be possible to allow users that use 2FA to login normally (without BotPassword) by adding a field to the login form to enter the code.
https://addshore.com/2017/05/wikimedia-commons-android-app-pre-hackathon/
https://github.com/commons-app/apps-android-commons/blob/e3ef7002d5d77c1e8cd98c2a72bbc38c8959c276/app/src/main/java/fr/free/nrw/commons/auth/LoginTask.java#L117
https://github.com/commons-app/apps-android-commons/blob/b0e8175003a686789474238dd293aa89d1e925c7/app/src/main/java/fr/free/nrw/commons/mwapi/ApacheHttpClientMediaWikiApi.java#L93
api.action("clientlogin") .param("rememberMe", "1") .param("username", username) .param("password", password) .param("logintoken", getLoginToken()) .param("logincontinue", "1") .param("OATHToken", twoFactorCode) .post()
Diagram of how it should work
+----------------------+ +---------------------------+ |Bot login is requested| |Classic login is requested | +-----------+----------+ +--------------+------------+ | | | | | | +-------------v-------------+ +-----------v---------+ Nope |* Check if username conform| |ClientLogin API query+----------+ +-------+ (it has @suffix) | |is requested | | | +-------------+-------------+ +------+--------+-----+ | | | | | +----v-----------------------+ | | Yes | | |Query fails with other error| | | | | +--------------------------+-+ | | | | | | +-------------v------------------+ | +-----v----------+ +---------------------+ | | |* Login using standard API query| | |Query fails with+--->2FA form is displayed| | | | action=login | | |"UI" error | |to user and ask for | | | +-----+--------------------+-----+ | +----------------+ |their login token | | | | | | +-----+---------------+ | | | | | | | | +------v-----+ +-----v-----------------------+ | +------v--------------+ | | |Query failed| |Query is successfuly finished| | +-------+ClientLogin API query| | | +------+-----+ +---------------------------+-+ | | |with token | | | | | | | +-----------+---------+ | | | | | | | | | | | +--v--------------v-+ | | | | | |Query is successful| +------v----+ | | | | +--------------+----+ |Query fails| | | | | | +------+----+ | | | | | | | | +------v----------------------------+ | +--------------v--------+ | | +------>Show error to user with explanation| +--->Login successful. | | | |on what's wrong | | | | | +--------------------------^---^----+ +--------------+--------+ | | | | | | | | +-------------------------------------------------------------------------+ | | | +----------------------------------------------------------------+ | +----------v-----------+ |Continue login process| +----------------------+