On Tue, Sep 6, 2016 at 1:59 AM, Gergo Tisza <[email protected]> wrote:
> On Mon, Sep 5, 2016 at 9:57 PM, MZMcBride <[email protected]> wrote: > > > I think the API documentation should probably be made a bit clearer as I > > think there are now two deprecated ways of logging in. We should likely > > make it more explicit which way applies to which versions of MediaWiki. > > This allows developers to have a quicker and easier understanding when > > determining how much compatibility code is needed in a specific > > tool/script/application. > > > > Using action=login is deprecated since 1.27, unless you use bot passwords. > Using action=clientlogin is not deprecated. Using OAuth (which means not > logging in at all) is also not deprecated. Bot passwords and clientlogin > were added in 1.27; OAuth was added a while ago (although owner-only OAuth > consumers were added in 1.27, and adding OAuth support to a bot is a lot > more complex without those) but requires the OAuth extension to be > installed. HTH. > In addition, when using action=login there are multiple ways to fetch the necessary CSRF token. The not-deprecated method is to use action=query&meta=tokens&type=login. The deprecated (since 1.27) method most likely in use by old code is to send an action=login request without an lgtoken parameter to get a NeedToken response. There's also the possibility of using the deprecated (since 1.24) action=tokens instead of action=query&meta=tokens. -- Brad Jorsch (Anomie) Senior Software Engineer Wikimedia Foundation _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
