typo in snippet above. the api call line should be:

api.get({ list: 'recentchanges', rclimit: 1, rctoken: 'patrol' }, tokenReceived)

Thanks for the excerpts / snippets. Attaching a minimal testcase that could be executed, in order to reproduce, is also welcome, as it saves time. :)

no problem.

please note that the issue is intermittent, and i was not able so far to find any clues when does it happen.

so here is the "full" test. this script will create a new link in the toolbox to try and get patrol token.
pressing this button repeatedly by a user in hewiki with "patroller" rights produces intermittent successes and failures.

in order to get meaningful results, the logged-in user must have "patroller" rights, otherwise failure to obtain the token is the expected behavior.

peace.

8< ---------------------------------------------------
$(mw.util.addPortletLink('p-tb', '#', 'Test API token problem')).click(function(e) {
e.preventDefault()
mw.loader.using('mediawiki.api', function() {

		var api = new mw.Api();
		api.get({list: 'recentchanges', rclimit: 1, rctoken: 'patrol'},
			function(data) { // success
				var token = data && data.query && data.query.recentchanges && data.query.recentchanges[0].patroltoken;
				if (token)
					alert('received token: "' + token + '"');
				else {
					var warning = data && data.warnings && data.warnings.recentchanges && data.warnings.recentchanges['*']
					alert('No token received. ' + (warning ? 'Warning: "' + warning + '"' : '') )
				} // else
			},
			function() { // failure
				alert('Api call failed');
			}
		); // api.get

}); using
}); click

(some more data that may or may not be meaningful):
in hewiki there is a special permission group called "pattrollers". these users have "pattroller" rights but not most of the other rights sysops have.
the problem was reported by several such users, and reproduced by me (i have "patroller" and "editinterface", but not "sysop" rights). i do not know if "full sysops" see the same issue - maybe they do, but i did not get report from any sysop about this problem.

the issue is somewhat hi-pri, at least for hewiki, because we use an "rcPatrol" gadget ( [[:he:Mediawili:Gadget-rcPatrol.js]] ), which allows patrollers to mark reviewed edits from the recentchanges list. this gadget uses a piece of code almost identical to the snippet in order to obtain the patrol token.

most patrollers use this gadget, and they typically mark the edits as "patrolled" from recent changes, rather than from the diff page of the edit.

peace.

ooopsie. (i hate it that bugzilla does not have "preview")

the correct link to the gadget (i hope) is: [[:he:Mediawiki:Gadget-rcPatrol.js]].

peace.

The patrol token cannot be returned from list=recentchanges for a particular recentchanges entry under the following conditions:

• $wgUseRCPatrol and $wgUseNPPatrol are both false.
• The user does not have the 'patrol' or 'patrolmark' rights.
• The RC entry exists but is not for a page creation or a page edit (type "new" or "edit").
• The RC entry is for a page edit but $wgUseRCPatrol is false.

The first two, of course, cannot be intermittent. I expect that your intermittent failure is due to the third bullet point; if you include loginfo in rcprop, you'll probably find that "type" is something other than "new" or "edit" when it fails.

You should be able to fix your script by using rctype=new|edit (or rctype=new on wikis where $wgUseRCPatrol is false) to filter just the types for which you can get a token.

As for the warning message, we should probably change it to something along the lines of "Action 'patrol' is not allowed for the current user for one or more recentchanges entries in this result set" to make the situation more clear. Any suggestions on the exact wording?

i'll try to add this rctype=new|edit to the script and will reopen if reports continue.

closing now as "PEBCAK".

peace.

I got trapped by this again until I read ApiQueryRecentChanges.php myself. Reopening this as a rewording request per comment 6.

rctoken is deprecated, so there is no need to change the text. All callers should change to the new token module.