Page MenuHomePhabricator

OAuth authentication changed?
Closed, ResolvedPublicBUG REPORT


Steps to replicate the issue (include links if applicable):

My QuickStatements tool uses stored OAuth permissions to edit Wikidata as the user. This has been working well for years, but since a few days (?) it does not work any more. I did not change any of the relevant code.

What happens?:
API error: "The authorization headers in your request are not valid: Invalid signature"

What should have happened instead?:
Correct edit (or any API request, really). Did something change on the WMF site?

Event Timeline

FWIW, my QuickCategories tool, which as far as I’m aware works in a broadly similar way (store what requests-oauthlib calls the resource_owner_key and resource_owner_secret in the database, later read them to recreate an authenticated session), still seems to be working fine: batch #5962 ran in the background yesterday, 14:30 PM.

I don't know if this is related, but menu to fetch Qids in Zotero disapears.

What's the consumer key?

Some common issues that can cause this:

  • using an URL that redirects
  • large clock skew
  • the consumer expired (although I don't think OAuth 1 consumers expire)

Consumer key is b5dc46b99399f49d03757216abd14e66 (QuickStatements). I didn't change the URL, and I think the toolforge clock is working fine.

Magnus claimed this task.

Found the problem, on my side. Apologies.