Page MenuHomePhabricator
Create Task
Maniphest T257852

CentralAuth edge login and autologin for some Wikimedia domains broken on mobile
Open, Needs TriagePublic
Actions

Description

After logging in on mobile web (on hu.m.wikipedia.org, with Chrome 83 on Android 10 on a Pixel 4) I get the error shown on the first screenshot below (the message key is centralauth-error-badtoken). The login works otherwise, I'm logged in even on the screen with the error.

When visiting en.m.wiktionary.org, I see that edge login has failed; I'm not immediately logged in, but get logged in in a second or so.

When visiting m.mediawiki.org, both edge login and autologin fail; I'm not logged in at all.

login erroredge login failureautologin failure
centralauth-login-error.png (3×1 px, 164 KB)
centralauth-edge-login-failure.png (3×1 px, 312 KB)
centralauth-login-failure.png (3×1 px, 215 KB)

Logging in on m.mediawiki.org works without an error message, and logs me in to some projects (commons.wikimedia.org, at least) but on most projects including Wikipedias I remain logged out (no autologin, either).

I have seen the error in the past, so this is not (or at a minimum, not fully) related to SameSite changes or to T257853: CentralAuth edge login broken on desktop (coinciding with SameSite rollout).

Related Objects

Event Timeline

Tgr created this task.Jul 13 2020, 4:02 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 13 2020, 4:02 PM
Tgr updated the task description. (Show Details)Jul 13 2020, 4:03 PM
Tgr mentioned this in T256525: Stay logged in doesn’t work, global login doesn’t work on different projects.Jul 13 2020, 8:06 PM
Jdlrobson added a project: Readers-Web-Backlog (Tracking).Jul 14 2020, 3:02 PM
Jdlrobson added a subscriber: Jdlrobson.

I have experienced this too and I believe it's been a problem for why (I believe there may even be another bug open) but have no idea what causes it. Am happy to advise/make appropriate changes in MobileFrontend if somebody that can understand CentralAuth can tell me what's going wrong.

Tgr updated the task description. (Show Details)Jul 16 2020, 5:00 PM
Jdlrobson moved this task from Backlog to team:other on the MobileFrontend board.Jul 24 2020, 2:30 AM
Jdlrobson moved this task from team:other to Tracking on the MobileFrontend board.Jul 24 2020, 2:40 AM
Jdlrobson edited projects, added MobileFrontend (Tracking); removed MobileFrontend.
mdaniels5757 added a subscriber: mdaniels5757.Jul 24 2020, 4:55 PM
Jdlrobson mentioned this in T262846: Uncaught SyntaxError: Unexpected identifier < (checkLoggedIn script).Sep 16 2020, 10:59 PM
Jdlrobson triaged this task as High priority.Dec 7 2020, 11:28 PM
This comment was removed by Jdlrobson.
Tgr added a comment.Dec 8 2020, 1:15 AM

I don't see how this task is related to those errors. All the script in question does is update the personal toolbar so it looks like you are logged in. (You are, in fact, logged in at that point, but the page was rendered earlier; so this is a hack to avoid reloading the page after an AJAX-based login.) Script errors are inconsequential; at worst the user toolbar will look weird, or will not look logged-in until you reload the page.

Jdlrobson added a comment.Dec 8 2020, 4:07 PM

Sorry for confusion @Tgr I meant to post this on: T262846 Correcting..

Jdlrobson raised the priority of this task from High to Needs Triage.Dec 8 2020, 4:09 PM
Tgr added a comment.Dec 8 2020, 5:22 PM

(I don't disagree about this being a high-priority issue, FWIW, I'm just pretty sure the cause lies elsewhere.)

Amitie_10g added a subscriber: Amitie_10g.EditedAug 22 2021, 11:16 PM

This happened in Wikidata in my phone. while I successfully logged-in at Wikipedia and Commons, I stay logged out at Wikidata only in the mobile domain, while in the desktop version stays logged in.

This is more than annoying, and I agree this task should be high priority since more than a year passed since this issue was opened.

Jdlrobson moved this task from Untriaged to Untag on the Readers-Web-Backlog (Tracking) board.Sep 21 2021, 8:47 PM
LGoto removed a project: Readers-Web-Backlog (Tracking).Nov 9 2021, 4:23 PM
Aklapper merged a task: T312042: After log in on mobile Beta Commons, user gets redirected to non-mobile page (and is not logged in there).Jul 24 2022, 2:42 PM
Aklapper added a subscriber: AlexisJazz.
AlexisJazz added a comment.Jul 24 2022, 3:20 PM

I sort of doubt T312042 is a dupe of this. A megadott hitelesítési token lejárt vagy érvénytelen. is centralauth-error-badtoken from the CentralAuth extension. In English that's The provided authentication token is either expired or invalid.

In T312042 I got No active login attempt is in progress for your session. which is centralauth-error-nologinattempt. Also, I was directed to the desktop domain which I don't see happening here.

Lucas_Werkmeister_WMDE mentioned this in T318138: Cannot manually log in on mobile Wikidata (real or test).Sep 20 2022, 9:24 AM
Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL