Manual:Pywikibot/OAuth/Wikimedia
This tutorial describes how you can use OAuth 1.0a instead of password-based login with Pywikibot on Wikimedia wikis.
OAuth allows your bot to use your primary account in a secure way, limited to whatever permissions you grant.
System requirements
edit- Install mwoauth. You can do this by running
pip install mwoauth
or while installing pywikibotpip install pywikibot[mwoauth]
.
Registering your bot with the wiki software
editLog in on meta.wikimedia.org with the account you want to use with Pywikibot (eg. the bot account), visit m:Special:OAuthConsumerRegistration/propose and fill out the following fields for OAuth 1.0a consumer (you can ignore all other fields, and also the warning text at the top; it's meant for registrations which do not use the "for use only by" option):
- Application name: whatever helps you remember (needed in the future if you want to change or revoke the bot's access)
- Application description: it cannot be empty, but otherwise does not matter
- This consumer is for use only by <username>: must be checked
- Contact email address: must be the same as your wiki email (will be visible to OAuth admins)
- Applicable grants: depends on what you use the bot for. You will probably want High-volume editing, Edit existing pages, Create, edit, and move pages, and maybe Upload new files, Upload, replace, and move files and Patrol changes to pages. If you are an administrator or other rights holder and want to allow your bot to use your permissions, you might also want to add Edit protected pages, Rollback changes to pages, Block and unblock users, View deleted files and pages, Delete pages, revisions, and log entries and Protect and unprotect pages. The other permissions are unlikely to be needed and granting some of them is a potential security risk. (Note: if your user does not have permission to e.g. deleting pages, checking the box will not make your bot able to do so.)
- By submitting this application, you acknowledge that...: must be checked
Configuring Pywikibot
editAfter submitting the form, you'll get four authentication codes which you need to add to your Pywikibot configuration (user-config.py
):
usernames['wikipedia']['*'] =
usernames['meta']['*'] =
usernames['commons']['*'] =
usernames['wikidata']['*'] =
usernames['wiktionary']['*'] =
usernames['wikibooks']['*'] =
usernames['wikinews']['*'] =
usernames['wikiquote']['*'] =
usernames['wikisource']['*'] =
usernames['wikiversity']['*'] =
usernames['wikivoyage']['*'] =
'ExampleUser'
authenticate['*.wikipedia.org'] =
authenticate['*.wikimedia.org'] =
authenticate['*.wikidata.org'] =
authenticate['*.wiktionary.org'] =
authenticate['*.wikibooks.org'] =
authenticate['*.wikinews.org'] =
authenticate['*.wikiquote.org'] =
authenticate['*.wikisource.org'] =
authenticate['*.wikiversity.org'] =
authenticate['*.wikivoyage.org'] =
authenticate['*.mediawiki.org'] =
('consumer_token','consumer_secret', 'access_token', 'access_secret')
Using the bot
editYou can use the bot in the usual way, except that login.py
and logout.py
will not work. These are not needed: as long as the configuration is in place, the bot will always be logged in.
If you want to revoke the bot's access to your account, you can do so at m:Special:OAuthConsumerRegistration/list.