On Mon, Sep 5, 2016 at 8:08 PM, Bináris <[email protected]> wrote:
> I found bot passwords, but they offer very limited user rights. > They offer rights for anything which is defined in $wgGrantPermissions [1], which should be include everything a bot might need. Feel free to file a bug if that's not the case, but maybe you are just overlooking something? So the best thing is to try without API? The best thing is to use a bot framework that is still being maintained, so that you don't have to deal with login yourself. The second best thing is to use OAuth with an owner-only consumer [2] and add the Authorization header to every request. The third best thing is to use action=login with a bot password. Anything lower down in bestness should probably be avoided. On Mon, Sep 5, 2016 at 9:32 PM, John <[email protected]> wrote: > you can still login via the API,without having to use either oauth > or botpassword You might be able to. It depends on the authentication settings of the wiki and the user account. It's not something that should be relied upon. [1] https://www.mediawiki.org/wiki/Manual:$wgGrantPermissions [2] https://www.mediawiki.org/wiki/OAuth/Owner-only_consumers _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
