2016-09-06 8:14 GMT+02:00 Gergo Tisza gtisza@wikimedia.org:
On Mon, Sep 5, 2016 at 8:08 PM, Bináris wikiposta@gmail.com wrote:
I found bot passwords, but they offer very limited user rights.
They offer rights for anything which is defined in $wgGrantPermissions [1], which should be include everything a bot might need. Feel free to file a bug if that's not the case, but maybe you are just overlooking something?
So the best thing is to try without API?
The best thing is to use a bot framework that is still being maintained, so that you don't have to deal with login yourself. The second best thing is to use OAuth with an owner-only consumer [2] and add the Authorization header to every request. The third best thing is to use action=login with a bot password. Anything lower down in bestness should probably be avoided.
On Mon, Sep 5, 2016 at 9:32 PM, John phoenixoverride@gmail.com wrote:
you can still login via the API,without having to use either oauth or botpassword
You might be able to. It depends on the authentication settings of the wiki and the user account. It's not something that should be relied upon.
[1] https://www.mediawiki.org/wiki/Manual:$wgGrantPermissions [2] https://www.mediawiki.org/wiki/OAuth/Owner-only_consumers _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l