Hi,
I'm not able to login using clientlogin. Any help is appreciated. Below things I've already tried:
POST https://nl.wikipedia.org/w/api.php?action=query&meta=tokens&type=log...
Output:
{
"batchcomplete": "",
"query": {
"tokens": {
"logintoken": "85af2296d03f8ce504123b7733b0a7ad5880c782+\"
}
}
}
POST https://nl.wikipedia.org/w/api.php?action=clientlogin&loginreturnurl=htt...
Input (text/plain):
logintoken=85af2296d03f8ce504123b7733b0a7ad5880c782+\&username=Smile4ever&password=*******&rememberMe=1
Output:
{
"error": {
"code": "badtoken",
"info": "Invalid CSRF token.",
"*": "See https://nl.wikipedia.org/w/api.php for API usage."
},
"servedby": "mw1288"
}
Input (application/json):
{
"logintoken": "85af2296d03f8ce504123b7733b0a7ad5880c782+\",
"username": "Smile4ever",
"password": "*******"
}
Output:
{
"error": {
"code": "notoken",
"info": "The "token" parameter must be set.",
"*": "See https://nl.wikipedia.org/w/api.php for API usage."
},
"servedby": "mw1278"
}
window.onbeforeunload = function() {}
Kind regards,
Geoffrey De Belie
On 2017-01-19 15:15, geoffreydebelie wrote:
Input (text/plain): logintoken=85af2296d03f8ce504123b7733b0a7ad5880c782+\&username=Smile4ever&password=*******&rememberMe=1
Output: { "error": { "code": "badtoken", "info": "Invalid CSRF token.", "*": "See https://nl.wikipedia.org/w/api.php for API usage." }, "servedby": "mw1288" }
You are not URL-encoding the token. Make sure to URL-encode (percent-encode) all of the parameter values.
---- On do, 19 jan 2017 15:22:11 +0100 Bartosz Dziewoński matma.rex@gmail.com wrote ----
On 2017-01-19 15:15, geoffreydebelie wrote:
Input (text/plain): logintoken=85af2296d03f8ce504123b7733b0a7ad5880c782+\&username=Smile4ever&password=*******&rememberMe=1
Output: { "error": { "code": "badtoken", "info": "Invalid CSRF token.", "*": "See https://nl.wikipedia.org/w/api.php for API usage." }, "servedby": "mw1288" }
You are not URL-encoding the token. Make sure to URL-encode (percent-encode) all of the parameter values.
Hi.
logintoken=85af2296d03f8ce504123b7733b0a7ad5880c782%2b%5c%5c&username=Smile4ever&password=*******&rememberMe=1 has the same result (I even tried with a newly requested login token):
{ "error": { "code": "badtoken", "info": "Invalid CSRF token.", "*": "See https://nl.wikipedia.org/w/api.php for API usage." }, "servedby": "mw1285" }
Kind regards, Geoffrey De Belie
On 2017-01-19 15:27, geoffreydebelie wrote:
Hi.
logintoken=85af2296d03f8ce504123b7733b0a7ad5880c782%2b%5c%5c&username=Smile4ever&password=*******&rememberMe=1 has the same result (I even tried with a newly requested login token):
{ "error": { "code": "badtoken", "info": "Invalid CSRF token.", "*": "See https://nl.wikipedia.org/w/api.php for API usage." }, "servedby": "mw1285" }
You are sending it with two backslashes at the end, while the token should only have one.
---- On do, 19 jan 2017 15:40:06 +0100 Bartosz Dziewoński matma.rex@gmail.com wrote ----
You are sending it with two backslashes at the end, while the token should only have one.
That's right, thanks!
{ "clientlogin": { "status": "PASS", "username": "Smile4ever" } }
However, I wonder why https://nl.wikipedia.org/w/api.php?action=query&meta=tokens&type=log...
returns "logintoken": "2c69b789da89c2134de2e6c142523de05880cbf3+\"
instead of +\ at the end.
Kind regards, Geoffrey De Belie
On Thu, Jan 19, 2017 at 9:43 AM, geoffreydebelie geoffreydebelie@zoho.com wrote:
However, I wonder why https://nl.wikipedia.org/w/api.php?action=query&meta= tokens&type=login&format=json
returns "logintoken": "2c69b789da89c2134de2e6c142523de05880cbf3+\"
instead of +\ at the end.
Because backslash is the escape character in JSON strings, and so needs to be escaped to represent an actual backslash. If your JSON decoder is not properly transforming that token into a native string ending with a single backslash then your JSON decoder is fundamentally broken and should probably be replaced.
If you're parsing the JSON with custom regular expressions or the like, you should really start using a proper JSON decoder.
On Thu, Jan 19, 2017 at 7:25 AM, Brad Jorsch (Anomie) <bjorsch@wikimedia.org
wrote:
Because backslash is the escape character in JSON strings, and so needs to be escaped to represent an actual backslash. If your JSON decoder is not properly transforming that token into a native string ending with a single backslash then your JSON decoder is fundamentally broken and should probably be replaced.
I wonder if it would be worth for the API to issue a more specific warning when a token has been submitted but it does not have the format that tokens normally do. Something like "you submitted the token abc1234 \ but you were expected to submit the token abc1234+\ which in the raw request should look like abc1234%2B%5C" might make it easier for people to figure out on their own what they are doing wrong.
On Thu, Jan 19, 2017 at 4:01 PM, Gergo Tisza gtisza@wikimedia.org wrote:
On Thu, Jan 19, 2017 at 7:25 AM, Brad Jorsch (Anomie) < bjorsch@wikimedia.org> wrote:
Because backslash is the escape character in JSON strings, and so needs to be escaped to represent an actual backslash. If your JSON decoder is not properly transforming that token into a native string ending with a single backslash then your JSON decoder is fundamentally broken and should probably be replaced.
I wonder if it would be worth for the API to issue a more specific warning when a token has been submitted but it does not have the format that tokens normally do. Something like "you submitted the token abc1234 \ but you were expected to submit the token abc1234+\ which in the raw request should look like abc1234%2B%5C" might make it easier for people to figure out on their own what they are doing wrong.
OTOH, every check of this sort we add is more code complexity. And I note if you're using multipart/form-data, it shouldn't look like "abc1234%2B%5C".
---- On do, 19 jan 2017 16:25:03 +0100 Brad Jorsch (Anomie) bjorsch@wikimedia.org wrote ----
On Thu, Jan 19, 2017 at 9:43 AM, geoffreydebelie geoffreydebelie@zoho.com wrote: However, I wonder why https://nl.wikipedia.org/w/api.php?action=query&meta=tokens&type=log...
returns "logintoken": "2c69b789da89c2134de2e6c142523de05880cbf3+\"
instead of +\ at the end.
Because backslash is the escape character in JSON strings, and so needs to be escaped to represent an actual backslash. If your JSON decoder is not properly transforming that token into a native string ending with a single backslash then your JSON decoder is fundamentally broken and should probably be replaced.
If you're parsing the JSON with custom regular expressions or the like, you should really start using a proper JSON decoder.
I was just copy pasting it into Postman :) Thanks for the information.
mediawiki-api@lists.wikimedia.org