Topic on Help talk:OAuth

mwoauth-invalid-authorization

Summary by Smartse

The error can mean many things, but in this case it seems to have been caused by the API request, rather than any problem with the headers as the error suggested.

Smartse (talkcontribs)

Hi. I'm trying to use OAuth to be able to connect to the API via python using my en.wiki admin rights, but get a "mwoauth-invalid-authorization" error when using a slightly adapted version of the example code at OAuth/Owner-only consumers#Python. Does anyone have any suggestions as to what might be causing the problem? Should I try getting new tokens? Does it make a difference that I've activated 2FA?

Tgr (WMF) (talkcontribs)

Normally that would mean that the consumer is waiting for admin approval, but there doesn't seem to be any such consumer. Are you using an owner-only consumer? If not, what's the consumer ID?

Smartse (talkcontribs)
Tgr (WMF) (talkcontribs)

Owner-only consumers do not require approval and it should not be possible to get that error for an owner-only consumer. Is there any chance you are using a different consumer ID in your bot configuration?

Smartse (talkcontribs)

Sorry - been away for the last week. Hmm well I'm obviously doing something wrong! I've triple checked and am definitely using that key and the other 3 parameters as in the example code. I've tried making a new key and using those but still get the same error. The only slight difference I can see with my code compared to the example is that the example uses "customer_key" whereas I have a "consumer_token" but I assumed that these are synonymous.

Tgr (WMF) (talkcontribs)

customer_key sounds wrong but I don't see it in the example, either. Apparently we do not log the consumer key for OAuth errors :/ so I cannot easily check in the server logs what went wrong - filed phab:T188848 about that.

Can you generate the error and tell the exact time it happened?

Smartse (talkcontribs)

Yes I was a bit confused by that but there are 4 parameters and I entered them in the order that the request page spits out. The time and error are below. I am on UTC:

2018-03-04 22:30:01.808559

{u'servedby': u'mw1223', u'error': {u'info': u'The authorization headers in your request are not valid: Invalid signature', u'*': u'See https://en.wikipedia.org/w/api.php for API usage. Subscribe to the mediawiki-api-announce mailing list at <https://lists.wikimedia.org/mailman/listinfo/mediawiki-api-announce> for notice of API deprecations and breaking changes.', u'code': u'mwoauth-invalid-authorization'}}

As you'll see it also says the authorization header is not valid, but I figured that this wasn't the main problem since the request is served fine if I remove auth=auth. Just in case though my header is {'user-agent': 'Smartse deleted contribs - <my email>'}

Thanks very much for your help with this!

Smartse (talkcontribs)

Hi Tgr. Have you had a chance to take a look at the logs yet?

Tgr (WMF) (talkcontribs)

Sorry, I got distracted. Apparently mwoauth-invalid-authorization is reused for all kinds of errors so forget what I said in my earlier comments :-/ Invalid signature means an error on your side; either the algorithm for building the authorization header is wrong (sounds like you are using the one built into the requests library so that's not very likely), or you are passing in the wrong data, or your computer's clock is off. Unfortunately we don't log any useful information for signature checks :( so the logs wouldn't tell anything interesting.

Smartse (talkcontribs)

No worries. Thanks for trying. I will try and fiddle around more and hope I can get something to work, and failing that try a bot password instead.

Smartse (talkcontribs)

I don't quite understand why, but after trying and failing to get it to work with special:botpasswords instead, I've now got it working :D It seems as if it was a problem with the API query itself as I didn't change any of the other parameters in the request, but as I said above, it worked fine when I removed "auth=auth".
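The following is an added illustration, not part of the thread and not MediaWiki's or the requests library's code. It sketches OAuth 1.0a HMAC-SHA1 signing as specified in RFC 5849 for a GET request, to show why the causes listed above (wrong data, a clock that is off) and a change to the API query itself all end in a failed signature check. The credentials, nonce, timestamp, function names and the 300-second window are constructed assumptions.

```python
import base64, hashlib, hmac
from urllib.parse import parse_qsl, quote, urlsplit

def pct(s):
    # RFC 5849 section 3.6: everything except unreserved characters is encoded
    return quote(str(s), safe="-._~")

def base_string(method, url, oauth_params):
    # The signed text covers the method, the URL without its query, and every
    # query and oauth_* parameter (sorted), except the signature itself.
    # Form-encoded body parameters are covered too; they are omitted here.
    parts = urlsplit(url)
    params = parse_qsl(parts.query, keep_blank_values=True) + list(oauth_params.items())
    pairs = sorted((pct(k), pct(v)) for k, v in params if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base_uri = f"{parts.scheme}://{parts.netloc.lower()}{parts.path}"
    return "&".join([method.upper(), pct(base_uri), pct(normalized)])

def sign(method, url, oauth_params, consumer_secret, token_secret):
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    msg = base_string(method, url, oauth_params).encode()
    return base64.b64encode(hmac.new(key, msg, hashlib.sha1).digest()).decode()

def verify(method, url, oauth_params, consumer_secret, token_secret, now, max_skew=300):
    # Server-side view: recompute the signature over the request as received.
    # max_skew is an assumed window, not a documented MediaWiki value.
    if abs(now - int(oauth_params["oauth_timestamp"])) > max_skew:
        return "timestamp outside window"
    expected = sign(method, url, oauth_params, consumer_secret, token_secret)
    ok = hmac.compare_digest(expected, oauth_params["oauth_signature"])
    return "ok" if ok else "invalid signature"

def demo():
    # Constructed credentials, nonce and timestamp; nothing here is a real token.
    oauth = {"oauth_consumer_key": "CONSTRUCTED_KEY", "oauth_token": "CONSTRUCTED_TOKEN",
             "oauth_signature_method": "HMAC-SHA1", "oauth_timestamp": "1520202601",
             "oauth_nonce": "constructed-nonce", "oauth_version": "1.0"}
    url = "https://en.wikipedia.org/w/api.php?action=query&meta=userinfo&format=json"
    oauth["oauth_signature"] = sign("GET", url, oauth, "c-secret", "t-secret")
    now = 1520202601
    return {
        "request as signed": verify("GET", url, oauth, "c-secret", "t-secret", now),
        "query changed after signing": verify("GET", url + "&uiprop=rights", oauth, "c-secret", "t-secret", now),
        "wrong token secret": verify("GET", url, oauth, "c-secret", "other", now),
        "clock off by an hour": verify("GET", url, oauth, "c-secret", "t-secret", now + 3600),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

Because the query parameters are part of the signed text, a request whose parameters differ from the ones that were signed fails in the same way as a wrong secret does.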