Hi! Since the introduction of AuthManager in 2016 <https://lists.wikimedia.org/hyperkitty/list/wikitech-l@lists.wikimedia.org/message/3EEMN7VQX5G7WMQI5K2GP5JC2336DPTD/>, there are two officially supported authentication methods for bots:
- obtaining a session cookie using the action=login API <https://www.mediawiki.org/wiki/API:Login#Method_1._action=login> with a bot password <https://www.mediawiki.org/wiki/Manual:Bot_passwords>; - loginless authentication using OAuth 1.0 or 2.0 with an owner-only consumer <https://www.mediawiki.org/wiki/OAuth/Owner-only_consumers>. action=login with a normal password has been deprecated for a decade, and action=clientlogin API <https://www.mediawiki.org/wiki/API:Login#Method_2._action=clientlogin> was never supported for non-interactive login. Still, in the past, these methods worked most of the time - often enough that many bots kept using them. This is going to change very soon as we are introducing more interactive challenges during login to improve account security. If your bot still uses one of the non-supported methods, please change it now. Usually this only requires generating a bot password via Special:BotPasswords <https://www.mediawiki.org/wiki/Special:BotPasswords> and giving the bot that instead of your normal password. For the change that prompted this email, see T395205 <https://phabricator.wikimedia.org/T395205>. There will probably be more such changes in the future, and they won't be announced separately. Thanks for your understanding, and for your help in evolving the Wikimedia developer ecosystem.
_______________________________________________ Wikitech-l mailing list -- wikitech-l@lists.wikimedia.org To unsubscribe send an email to wikitech-l-le...@lists.wikimedia.org https://lists.wikimedia.org/postorius/lists/wikitech-l.lists.wikimedia.org/
