On Mon, 2 Mar 2026 at 18:41, Tenshi H <[email protected]> wrote: > > On Monday, March 2nd, 2026 at 5:25 PM, Jonathan Tweed via Wikitech-l > [email protected] wrote: > > If tools are running on WMCS, this will exempt you from the limits > even when using OAuth 1.0. > > For tools outside WMCS, OAuth 1.0 consumers will work as long as you > also send cookies as this will include a JWT cookie in the request > that we can validate in place of an OAuth 2.0 access token. > > > Wikimedia APIs/Rate limits#Caveats says however that "OAuth 1 access tokens > are not supported by the rate limit infrastructure. Requests using OAuth 1 > tokens will be treated as unauthenticated with respect to rate limiting." > Which is what's going to happen?
They are not supported on their own, but we are about to deploy a change that will generate a JWT cookie when you use bot passwords or OAuth 1. If this cookie is then sent alongside the OAuth 1 token, the request will be treated as authenticated. These are T417833 and T415007 in Phabricator and will be deployed over the next couple of weeks. You are right, that page isn't as clear as it could be. I will update, thanks! _______________________________________________ Wikitech-l mailing list -- [email protected] To unsubscribe send an email to [email protected] https://lists.wikimedia.org/postorius/lists/wikitech-l.lists.wikimedia.org/
