Topic on Project:Support desk

Should Bots Use OATHAuth or OAuth?

Summary by Johnywhy

Two extensions:

  • OAuth authorizes apps and bots to use API.
  • OATHAuth authenticates user-logins, with 2-factor method, using TOTP (OATH is an industry standard).

Johnywhy (talk contribs)

This doc says bots should use OAuth to log in.

But this doc says OATHAuth (and not OAuth) is bundled with MW.

Therefore, what should bots use?

Malyacko (talk contribs)

This doc does not even mention OAuth anywhere at all.

Johnywhy (talk contribs)

It links to this page, which says "Bots and other non-interactive applications should generally use owner-only OAuth consumers", which in turn links to this page, which says "To use it, the target wiki must have version 1.27 or higher of the OAuth extension installed."

Malyacko (talk contribs)

Bots should use OAuth, as you already wrote. I do not understand the "But" in "But this doc says OATHAuth is bundled with MW". How is that related?

Johnywhy (talk contribs)

  • It appears that OAuth and OathAuth have overlapping or duplicate functionality. Why need both?
  • If bots are supposed to use OAuth, and bots are a common or standard part of MediaWiki, then why not bundle OAuth with MW, instead of OATHAuth?

Update: because they don't do the same thing?

  • OAuth does not have a GUI, correct? For application processes only.
  • OATHAuth does have a user GUI. For user login only.

(still wondering why OAuth isn't bundled)

TheDJ (talk contribs)

> it appears that OAuth and OathAuth have overlapping or duplicate functionality.

They don't. OAuth is a method for authorization, OATHAuth is an extension that provides 2nd factor authentication using TOTP (OATH is an industry standard). Their naming indeed is quite confusing.