There should be cookie headers. You should be using requests.Session or something like that.
Also, why are you unescaping manually instead of just using the requests reponse object's .json()?
Also, you probably shouldn't be using clientlogin in the first place. Will you be able to handle a 2FA check? Or a capthca? If you are building a non-interactive tool, you should just use the login API with bot passwords (or owner-only OAuth of that extension is installed).

On Sun, Feb 19, 2017 at 4:12 AM, Betacommand <> wrote:
Don't strip the last \ its part of a legacy validity check. Always pass whatever you get back the way you for it.

On Sun, Feb 19, 2017 at 1:49 AM Michael <> wrote:

Sorry, if it turns out as a stupid mistake, but I am at the end of my own knowledge to solve this issue on my MediaWiki 1.28 installation:


I am using a python3 script to 1) get the token, and 2) login via ‘clientlogin’, but I always receive the   

"error": {

        "code": "badtoken",

        "info": "Invalid token",


The taken is coming from     'action': 'query',     'meta': 'tokens',     'type': 'login', and I strip the last ‘\’.


This is my submission for Login:

Type: <class 'urllib.request.Request'>

Contents: {'_full_url': '', 'unredirected_hdrs': {}, '_tunnel_host': None, 'fragment': None, '_data': b'password=Lxxxxxxxx7&action=clientlogin&rememberMe=1&username=Admin&', 'origin_req_host': '', 'selector': '/api.php', 'headers': {'Content-type': 'application/x-www-form-urlencoded'}, 'type': 'https', 'unverifiable': False, 'host': ''}


Following  the same procedure via ApiSandbox is working fine.


Thank you for your help!




Mediawiki-api mailing list

Mediawiki-api mailing list