Page MenuHomePhabricator

CentralAuth edge login and autologin for some Wikimedia domains broken on mobile
Open, Needs TriagePublic


After logging in on mobile web (on, with Chrome 83 on Android 10 on a Pixel 4) I get the error shown on the first screenshot below (the message key is centralauth-error-badtoken). The login works otherwise, I'm logged in even on the screen with the error.

When visiting, I see that edge login has failed; I'm not immediately logged in, but get logged in in a second or so.

When visiting, both edge login and autologin fail; I'm not logged in at all.

login erroredge login failureautologin failure
centralauth-login-error.png (3×1 px, 164 KB)
centralauth-edge-login-failure.png (3×1 px, 312 KB)
centralauth-login-failure.png (3×1 px, 215 KB)

Logging in on works without an error message, and logs me in to some projects (, at least) but on most projects including Wikipedias I remain logged out (no autologin, either).

I have seen the error in the past, so this is not (or at a minimum, not fully) related to SameSite changes or to T257853: CentralAuth edge login broken on desktop (coinciding with SameSite rollout).

Event Timeline

Jdlrobson added a subscriber: Jdlrobson.

I have experienced this too and I believe it's been a problem for why (I believe there may even be another bug open) but have no idea what causes it. Am happy to advise/make appropriate changes in MobileFrontend if somebody that can understand CentralAuth can tell me what's going wrong.

This comment was removed by Jdlrobson.

I don't see how this task is related to those errors. All the script in question does is update the personal toolbar so it looks like you are logged in. (You are, in fact, logged in at that point, but the page was rendered earlier; so this is a hack to avoid reloading the page after an AJAX-based login.) Script errors are inconsequential; at worst the user toolbar will look weird, or will not look logged-in until you reload the page.

Sorry for confusion @Tgr I meant to post this on: T262846 Correcting..

Jdlrobson raised the priority of this task from High to Needs Triage.Dec 8 2020, 4:09 PM

(I don't disagree about this being a high-priority issue, FWIW, I'm just pretty sure the cause lies elsewhere.)

This happened in Wikidata in my phone. while I successfully logged-in at Wikipedia and Commons, I stay logged out at Wikidata only in the mobile domain, while in the desktop version stays logged in.

This is more than annoying, and I agree this task should be high priority since more than a year passed since this issue was opened.

I sort of doubt T312042 is a dupe of this. A megadott hitelesítési token lejárt vagy érvénytelen. is centralauth-error-badtoken from the CentralAuth extension. In English that's The provided authentication token is either expired or invalid.

In T312042 I got No active login attempt is in progress for your session. which is centralauth-error-nologinattempt. Also, I was directed to the desktop domain which I don't see happening here.