OAuth authentication changed?
Closed, ResolvedPublicBUG REPORT
Actions

Assigned To

Authored By

	Magnus
	Mar 1 2023, 2:23 PM

Description

Steps to replicate the issue (include links if applicable):

My QuickStatements tool uses stored OAuth permissions to edit Wikidata as the user. This has been working well for years, but since a few days (?) it does not work any more. I did not change any of the relevant code.

What happens?:
API error: "The authorization headers in your request are not valid: Invalid signature"

What should have happened instead?:
Correct edit (or any API request, really). Did something change on the WMF site?

Event Timeline

Magnus created this task.Mar 1 2023, 2:23 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 1 2023, 2:23 PM

Relevant code: https://github.com/magnusmanske/mediawiki_rust/blob/master/src/api.rs#L644

Note: Oauth 1, not 2!

CennoxX subscribed.Mar 2 2023, 10:33 AM

FWIW, my QuickCategories tool, which as far as I’m aware works in a broadly similar way (store what requests-oauthlib calls the resource_owner_key and resource_owner_secret in the database, later read them to recreate an authenticated session), still seems to be working fine: batch #5962 ran in the background yesterday, 14:30 PM.

I don't know if this is related, but menu to fetch Qids in Zotero disapears.

Robby subscribed.Mar 5 2023, 5:58 AM

What's the consumer key?

Some common issues that can cause this:

using an URL that redirects
large clock skew
the consumer expired (although I don't think OAuth 1 consumers expire)

Consumer key is b5dc46b99399f49d03757216abd14e66 (QuickStatements). I didn't change the URL, and I think the toolforge clock is working fine.

1234qwer1234qwer4 subscribed.Mar 6 2023, 10:35 PM

Found the problem, on my side. Apologies.

OAuth authentication changed?Closed, ResolvedPublicBUG REPORTActions

Description

Event Timeline

OAuth authentication changed?
Closed, ResolvedPublicBUG REPORT
Actions