I have a private wiki installation:
MediaWiki 1.34.0
PHP 7.2.27
with
$wgGroupPermissions['*']['read'] = false;
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['createaccount'] = false;
in LocalSettings.php
What I'd like to do is to read recent changes through a bot, in order to display "Recente Wiki news - check them out!" to my users when they log into another web app.
So, following this example on official documentation, first I created a BOT Password.
Then I try to call:
https://mywiki.myhosting.com/api.php?action=query&meta=tokens&type=login&format=json
and get the answer
{"error":{"code":"readapidenied","info":"You need read permission to use this module.","*":"See https://mywiki.myhosting.com/api.php for API usage. Subscribe to the mediawiki-api-announce mailing list at <https://lists.wikimedia.org/mailman/listinfo/mediawiki-api-announce> for notice of API deprecations and breaking changes."}}
If I try the same querystring in a new tab after loggin in to the Wiki (that is - the browser has the authentication cookie already) then I get the answer:
{"batchcomplete":"","query":{"tokens":{"logintoken":"0a0_some_token_letters_518+\\"}}}
Where am I doing wrong?
In my understanding, if I don't get this first token, then I will not be able to make the second login call where I am supposed to use my BOT username / password, right?
Any help appreciated.
Apparently this is a bug that has been fixed just a few days ago. As a workaround, you can just make a login request without a token. You'll get an error message, but there will be a token in it. That login workflow is deprecated and will be removed eventually, but right now it works.