Invalid credentials message from Wikidata

Hello!
I'm having trouble uploading data to Wikidata from OpenRefine. I can run the schema, but when I try to upload the edits to Wikidata, I get 'Invalid credentials'.
Usually, I don't need to enter my Wikidata login details in OR if I'm already logged in, but for the last month or so, I get the request to login to WD from within OR and it fails to recognise.

I've tried it on different computers and browsers. I've also changed my password in Wikidata, but the problem persists.
Any ideas as to why this is happening and how can I fix it?
Many thanks

Are you running the latest version? If not, upgrading to it should likely solve the issue.
If you enabled 2-Factor Authentication, this could also prevent OpenRefine from logging into Wikidata. Those are the reasons I can come up with.

Thanks. It's the latest version. I've also installed it on a personal computer which doesn't have 2-factor authentication, but didn't work either

Not sure where it comes from then... Is there anything special with your Wikimedia account ?

A solution might be to create a "bot password" (it's like a second access to your account), see Manual:Bot passwords - MediaWiki.

I had the same issue, expecially when trying to login from a different network than usual. Bot password worked last time. But not today. The Error message is “Invalid credentials”. And this is the Open Refine Code that is created with the error:

02:17:34.540 [ refine] GET /command/core/get-csrf-token (675515ms)
02:17:34.547 [ refine] POST /command/wikidata/login (7ms)
02:17:34.698 [ connection_manager] Unrecognized token 'Please': was expecting (JSON String, Number, Array, Object or token 'null', 'true' or 'false')
at [Source: REDACTED (StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION disabled); line: 1, column: 8] (150ms)
org.wikidata.wdtk.wikibaseapi.LoginFailedException: Unrecognized token 'Please': was expecting (JSON String, Number, Array, Object or token 'null', 'true' or 'false')
at [Source: REDACTED (StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION disabled); line: 1, column: 8]
at org.wikidata.wdtk.wikibaseapi.BasicApiConnection.login(BasicApiConnection.java:193)
at org.wikidata.wdtk.wikibaseapi.BasicApiConnection.login(BasicApiConnection.java:155)
at org.openrefine.wikibase.commands.ConnectionManager.login(ConnectionManager.java:102)
at org.openrefine.wikibase.commands.LoginCommand.doPost(LoginCommand.java:153)
at com.google.refine.RefineServlet.service(RefineServlet.java:188)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:750)
at org.eclipse.jetty.servlet.ServletHolder$NotAsync.service(ServletHolder.java:1410)
at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:764)
at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:529)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:131)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:578)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:223)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1570)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:131)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:790)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:223)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1384)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:176)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:484)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1543)
at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:174)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1306)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:129)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
at com.google.refine.ValidateHostHandler.handle(ValidateHostHandler.java:93)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:122)
at org.eclipse.jetty.server.Server.handle(Server.java:563)
at org.eclipse.jetty.server.HttpChannel$RequestDispatchable.dispatch(HttpChannel.java:1598)
at org.eclipse.jetty.server.HttpChannel.dispatch(HttpChannel.java:753)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:501)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:282)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:314)
at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:100)
at org.eclipse.jetty.io.SelectableChannelEndPoint$1.run(SelectableChannelEndPoint.java:53)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.base/java.lang.Thread.run(Unknown Source)
Caused by: com.fasterxml.jackson.core.JsonParseException: Unrecognized token 'Please': was expecting (JSON String, Number, Array, Object or token 'null', 'true' or 'false')
at [Source: REDACTED (StreamReadFeature.INCLUDE_SOURCE_IN_LOCATION disabled); line: 1, column: 8]
at com.fasterxml.jackson.core.JsonParser._constructError(JsonParser.java:2481)
at com.fasterxml.jackson.core.base.ParserMinimalBase._reportError(ParserMinimalBase.java:762)
at com.fasterxml.jackson.core.json.UTF8StreamJsonParser._reportInvalidToken(UTF8StreamJsonParser.java:3703)
at com.fasterxml.jackson.core.json.UTF8StreamJsonParser._handleUnexpectedValue(UTF8StreamJsonParser.java:2791)
at com.fasterxml.jackson.core.json.UTF8StreamJsonParser._nextTokenNotInObject(UTF8StreamJsonParser.java:911)
at com.fasterxml.jackson.core.json.UTF8StreamJsonParser.nextToken(UTF8StreamJsonParser.java:797)
at com.fasterxml.jackson.databind.ObjectMapper._readTreeAndClose(ObjectMapper.java:4928)
at com.fasterxml.jackson.databind.ObjectMapper.readTree(ObjectMapper.java:3258)
at org.wikidata.wdtk.wikibaseapi.ApiConnection.sendJsonRequest(ApiConnection.java:397)
at org.wikidata.wdtk.wikibaseapi.ApiConnection.sendJsonRequest(ApiConnection.java:364)
at org.wikidata.wdtk.wikibaseapi.ApiConnection.fetchToken(ApiConnection.java:342)
at org.wikidata.wdtk.wikibaseapi.ApiConnection.getOrFetchToken(ApiConnection.java:309)
at org.wikidata.wdtk.wikibaseapi.BasicApiConnection.login(BasicApiConnection.java:182)
... 39 more

Any ideas what might be the issue?

Ya. Same here.. The bot password was working fine till last day. I changed the bot password and tried again and it’s not working..

Same here. I also changed my bot password and tried with different devices and networks but always get the same error “Invalid credentials” and the same Open Refine Code as posted by @ConBo .
Please help, I got a project deadline comming at me…

@antonin_d, @abbe98, or @DaxServer - are any of you able to provide more insight into this? I’ve tried looking into this on the OpenRefine side but I can’t find any more details that what was already shared.

Just to make sure I understand the issue:

• In early July, users started receiving “Invalid credentials” responses from Wikidata; creating a bot password resolved the issue
• A few days ago (or maybe just yesterday), the issue resumed and bot passwords are not resolving the issue
• Based on the stack trace, it looks like the Wikidata server is returning a non-json response when a json response is expected, which is preventing the login flow from completing normally (even if credentials are correct)

Given the above, I have the following questions:

• Is there a way to see if anything was updated on the Wikidata server recently that might explain the difference in response?
• Is anyone able to capture the login HTTP response and share the format here? It could be that OpenRefine (or the Wikidata library on which it relies) needs to be updated to handle a new response format.

edit: following a conversation with @Martin I’d like to ask the following people: @Sebastian, @Alicia_Fagerving , and @Ayushi_Rai . Apologies for the mass-ping, but I have little insight into issues related to Wikidata and would love to know more.

Also, I’d like to mention that there’s a corresponding GitHub issue here: 'Invalid credentials' for Wikidata · Issue #7383 · OpenRefine/OpenRefine · GitHub

Let’s please try to consolidate conversation here and I’ll share updates on the GitHub thread when they are available. Thanks!

This is caused by an intentional change, intended to provide stronger account protection.

Using a normal password with action=login has been deprecated since 2016 and it’s now enforced for a large number of sign-in attempts. The workaround is to use a bot password.

Using a bot password stoped working for me on Monday. Also generating a new bot-password did not help.

The workaround with bot password does not work anymore…

I pinged the staff responsible for the initial change to see if there has been any additional change is the past few days that might have caused this.

We tracked it down! There are two issues:

1. Wikimedia now commonly blocks action=login requests that uses regular passwords
2. Wikimedia now blocks requests missing user agents

We do provide user agents for our edit requests but not for the login request which is causing Wikimedia to refuse all those requests since a few days ago.

The user-agent issue needs a fix on the OpenRefine side and for the password one we probably want do do some UI changes.

Thanks for identifying the issue! Does this require a change to GitHub - Wikidata-Toolkit/Wikidata-Toolkit: Java library to interact with Wikibase ? It looks like that library handles the login call for OpenRefine, but I haven’t read through the code thoroughly enough to know if there’s an alternative way we could address this in OpenRefine alone.

Possibly, it looks like it has some support for custom user-agents, but it’s not clear to me if that would impact the login call.

This said there are non WDTK requests to MediaWiki that are likely impacted as well.

Any updates or workaround for this issue? Would it help to switch to an older version of Open Refine?
Thanks for help.
Best,

Felix

@Fbethke - this was recently addressed in an upstream package that OpenRefine uses: Fix #959: Configurable User-Agent with versioned default by rzo1 · Pull Request #960 · Wikidata-Toolkit/Wikidata-Toolkit · GitHub

Once a new version of this package is published, we can update the version in OpenRefine and publish a new patch release. I don’t have an exact timeline of when all this will be wrapped up but I think we could get this resolved within a week.

Sadly I don’t think so. I think this is new behavior within the Wikidata server, not within OpenRefine, so older versions will still run into this issue.

I’m also getting the Invalid Credentials message from Wikimedia Commons, just tested as I’m trying to help a user doing a bulk image upload and they ran into this issue (they also tried bot password, didn’t work). Can I assume that when this issue is resolved for Wikidata that it will also resolve Wikimedia Commons, or should I open a separate issue somewhere? any advice appreciated!

I think there will be an update required to the CommonsExtension as well, but I haven’t worked on that extension so I’ll let someone more familiar with that code to verify.

As for the fix to the base Wikidata extension, there’s an open pull request to resolve the issue but still needs some work before it’s ready for review and merge.

Ah, thanks for that. Would be very much appreciated!

Sara