Incident 2026-01-06 – BotPassword Authentication Failure (MediaWiki API)
Incident 2026-01-06 – BotPassword Authentication Failure (MediaWiki API)[edit | edit source]
Summary[edit | edit source]
Attempts to authenticate to the MediaWiki API using BotPasswords repeatedly failed, despite bot accounts and credentials being present in the database and visible via maintenance scripts. This prevented automation of wiki publishing and required extended debugging of MediaWiki authentication configuration.
The failure was ultimately traced to missing or inactive BotPassword authentication providers in the MediaWiki AuthManager configuration.
Impact[edit | edit source]
- Automation for wiki publishing blocked
- Incident documentation and operational recovery delayed
- Significant engineering time spent debugging authentication paths
- Increased cognitive load during already degraded operational state
Timeline (condensed)[edit | edit source]
- 2026-01-06 – Bot user accounts and BotPasswords verified in database
- Multiple API login attempts failed using both `login` and `clientlogin`
- MediaWiki version and configuration inspected
- AuthManager providers dumped via maintenance scripts
- BotPasswordAuthenticationProvider found to be absent from active auth stack
Root Cause[edit | edit source]
- BotPassword authentication provider not registered in MediaWiki AuthManager
- MediaWiki allowed creation and storage of BotPasswords but could not authenticate them
- Configuration mismatch between enabled features and active auth providers
Resolution[edit | edit source]
- Identified missing BotPassword authentication provider
- Determined required configuration changes for full API-based bot login
- Deferred final fix pending restoration of operational baseline and documentation completion
Preventive Actions[edit | edit source]
- Explicitly verify AuthManager providers after MediaWiki upgrades
- Add automated test for bot API login during deployment
- Document required bot authentication configuration in operations wiki