On 27/04/2019 14:37, Jiri Vlasak wrote:
On Fri, Apr 26, 2019 at 07:28:39PM +0100, Tom Hughes wrote:
On 26/04/2019 19:06, Jiri Vlasak wrote:
This approach is similar to one used by HOT Tasking Manager [1]. In my "oauth
settings" section I have many many "Tasking Manager 3 - Prod" tokens. And I
feel this approach is not right.

That's usually because the client is broken and is not storing the
token but is instead requesting a new one every time you use it.

That's my guess too. So, I would like to write it better. My problem is that I
am quite confused by OAuth.

If I understand it correctly, OAuth is here for authorization. But, in my case
(and in the case of HOT Tasking Manager), the use case is authentication.

Yes it is really abuse of OAuth in general but is common.

Note that OAuth 2 (in the form of OpenID Connect) has basically
merged the two use cases anyway.

So maybe I should ask - is it possible to authenticate to osm.org?

Well yes, that is what OAuth does.

What is happening here is using your osm.org account to
authenticate to a third party site.

That works if the third party is prepared to accept you
allowing it to access osm.org as valid authentication.


Tom Hughes (t...@compton.nu)

dev mailing list

Reply via email to