Cannot login with my regular account

[waldyrious]

Do I have to use a bot account? The error suggests otherwise, but I'm not sure how to proceed:

$ wd set-label Q4115189 pt "Testing wikidata-cli"
This operation requires to set your Wikidata crendentials
prompt: Wikidata username:  Waldir
prompt: Wikidata password:  [redacted]
Authentication requires user interaction, which is not supported by action=login. To be able to login with action=login, see [[Special:BotPasswords]]. To continue using main-account login, see action=clientlogin.
prompt: Wikidata username:  Waldir
prompt: Wikidata password:  [redacted]
Authentication requires user interaction, which is not supported by action=login. To be able to login with action=login, see [[Special:BotPasswords]]. To continue using main-account login, see action=clientlogin.

(Since this seemed to be a loop, at this point I exited with Ctrl+C).

[maxlath]

no, your normal Wikidata username and password should do normally

[waldyrious]

Well, I have my Wikimedia account set up for 2FA, not sure if that interferes here.

[maxlath]

@waldyrious possibly. Also to have in mind: the current implementation relies on a deprecated query https://github.com/maxlath/wikidata-token/issues/5

[maxlath]

@waldyrious hey, will you be in Vienna for the Wikimedia Hackathon next week? we could take the occasion to tackle this issue :)

[waldyrious]

Unfortunately not :( but we could set up a time to chat over IRC during the hackathon :)

[maxlath]

sure! I should be able to find knowledgeable people in the room to give us a clue or two ;)

[waldyrious]

Great! Let me know when you know what your availability will be during those days. During the workweek, I am generally available at night (around 8pm-11pm UTC).

[maxlath]

so it seems we can take inspiration on @addshore's login code that does support 2FA: MWApi.java

[maxlath]

OAuth authentification is now possible (and recommanded!) in wikibase-cli >= v8, that might (finally) solve your issue \o/ see config documentation

[waldyrious]

Great to hear that, @maxlath. However I think the UX needs a little polish:

❯ wd set-label Q4115189 pt "Testing wikidata-cli"
This operation requires to set your crendentials for https://www.wikidata.org
Which authentification mecanism would you like to use to login to https://www.wikidata.org ?:
/!\ Beware that those will be stored in plain text on your computer
1 - OAuth tokens (recommanded)
2 - username - password
- 1

If you don't have OAuth tokens yet, you can request owner-only tokens OAuth consumers at

https://meta.wikimedia.org/wiki/Special:OAuthConsumerRegistration/propose?wpname=wikibase-cli-myusername&wpdescription=tokens%20for%20wikibase-cli%20%28https%3A%2F%2Fgithub.com%2Fmaxlath%2Fwikibase-cli%29&wpownerOnly=1

Select "Request authorization for specific permissions" and adjust to your needs.
Required authorizations:
- Edit existing pages
Recommanded authorizations:
- Create, edit, and move pages

A clear message and call should be shown, e.g. "You don't seem to have an OAuth token set yet; please open the following URL to create one".

Especially since when I open that URL I see this huge and complex form:

...when I expected an authorization screen like those that appear when I authorize a Labs tool on mediawiki.org (i.e. a dialog where I can just click "Authorize").

So although this may work (I didn't continue further), is it OK if I keep this issue open until that flow is smoothed out a bit?

[maxlath]

So although this may work (I didn't continue further), is it OK if I keep this issue open until that flow is smoothed out a bit?

could you open a new issue on this?

[waldyrious]

could you open a new issue on this?

Sure. Something like "Improve authentication flow"?

[maxlath]

"Improve OAuth authentication flow"?

[waldyrious]

Sounds good, will do 👍