There is some ongoing work with OAuth problems, so this could be a fallout from T321160: Lcobucci\JWT\Signer\InvalidKeyProvided: Key cannot be empty

Please retry and report if the problems still exists or gets fixed. Thanks.

T321160 has now been fixed so I'm hopeful this means the issue should go away here.

The issue has not gone away.

I got too an access denied notice, but I noticed that I have actually access to the library despite it.

In T332349#8703933, @Umherirrender wrote:

Please retry and report if the problems still exists or gets fixed. Thanks.

Tried again today. Access denied again. :(

Still unable to login to Wikipedia Library.

Can you erase your Wikipedia Library cookies and session, and try again?

Works for me, so it's probably not an OAuth issue.

I can't access either

Now it seems solved

Just tried again, got error message about failed to create token. Tried again anyway, and it worked!

Much thanks to whoever fixed this very annoying roadblock!

When it's failing, it looks like mwoauth isn't finding the oauth token in the response from mediawiki after it posts the verifier:
https://github.com/mediawiki-utilities/python-mwoauth/blob/753f851936d693ea8de63b47b294d694daadd05d/mwoauth/functions.py#L178-L195

Specifically, we're getting a not subscriptable type error on
credentials.get('oauth_token')[0]
https://github.com/mediawiki-utilities/python-mwoauth/blob/master/mwoauth/functions.py#L193
for some users. It seems to be impacting only some users, but I don't understand what (if anything) is unique about the impacted users.

@Tgr to learn more, I think I'd need to fork mw oauth and add a try/except block with some logging for what's in that mw oauth response after we post the verifier.

In T332349#8707538, @jsn.sherman wrote:

@Tgr to learn more, I think I'd need to fork mw oauth and add a try/except block with some logging for what's in that mw oauth response after we post the verifier.

Maybe add DEBUG level logging to the production code and make the application compatible with WikimediaDebug? But you'd have to find a somewhat reproducible example first.

In general, clearer logging of errors on the MediaWiki side would be great, but might not be easy because much of the in-the-weeds OAuth logic is outsourced to third-party libraries.

I still don't have access. And I have opened a duplicate task some days ago. For your information; I am indef. blocked in the German Wikipedia (after 8 valid edits, unblock request was denied twice) and I was also only able to access it the first time with the help of Samwhalton9.~~~~

We're now using a fork of mwoauth to collect some additional data on this issue.

Quarry seems to have the symptoms of "login does not work on every try", and same for CopyPatrol (T332636). Perhaps this is a broader issue?

Edit: I've filed T332650: Frequent OAuth failures on Wikimedia wikis since eqiad was repooled due to db-mainstash replication lag

@MusikAnimal do you know in what part of the code the authentication breaks? The Wikipedia Library's authentication seems to be breaking here: https://github.com/mediawiki-utilities/python-mwoauth/blob/master/mwoauth/functions.py#L193

In T332349#8712365, @Scardenasmolinar wrote:

@MusikAnimal do you know in what part of the code the authentication breaks? The Wikipedia Library's authentication seems to be breaking here: https://github.com/mediawiki-utilities/python-mwoauth/blob/master/mwoauth/functions.py#L193

Hey Susana! :) In the case of CopyPatrol, we're using mediawiki/oauthclient (PHP), but it apparently breaks in the same place -- that is, when we are expected to have retrieved the token and secret from the MediaWiki-extensions-OAuth extension. Then I noticed Quarry having a similar problem, so concluded this is probably an issue with OAuth itself. I've filed T332650.

Thanks, Leon! :) It seems like it's the same error for us.

In T332349#8712365, @Scardenasmolinar wrote:

@MusikAnimal do you know in what part of the code the authentication breaks? The Wikipedia Library's authentication seems to be breaking here: https://github.com/mediawiki-utilities/python-mwoauth/blob/master/mwoauth/functions.py#L193

Probably mwoauth should be updated to call Special:OAuth/token?format=json instead of Special:OAuth/token and parse the response, which is a JSON object with key and secret (of the access token) on success, and a JSON object with error and message on error. That's nicer than logging the raw HTTP response (although of course won't fix any failures).

For now, we've added a friendlier message prompting users to try logging in again and linking to T332650 for more info.

My access in on again.

In T332349#8721996, @Paradise_Chronicle wrote:

My access in on again.

Thanks for letting us know; I'd love to hear from other impacted users like @Awkwafaba and @MoldciusMenbug: can you login on the first try now, or are you still experiencing the problem?

I had the same problem on the first attempt to log in today, on the second attempt the log in worked.

Some other people reported similar problems in dewiki : https://de.wikipedia.org/wiki/Wikipedia_Diskussion:Förderung/The_Wikipedia_Library#Anmeldung_bei_der_Wikipedia_Library

T332650: Frequent OAuth failures on Wikimedia wikis since eqiad was repooled due to db-mainstash replication lag has been resolved and from some light testing I don't appear to be getting OAuth errors in the library anymore. I checked glitchtip and we haven't had the most common OAuth error for 19 hours now. Huge thanks to @Tgr for spending time on this.