> that may not be popular with clients that have invested a lot here in
> optimising the flow
Looking at JOSM, I seem to remember that they *used to* have some "fully
automatic" authorization where you'd input the username and password into JOSM
itself and JOSM would then fake towards the OSM website to being a browser,
i.e. logging in behind the curtains with these credentials and then granting
authorization to itself in the next step, scraping the necessary data from the
webpage that was never displayed to the user. _(If I remember correctly!)_
Fortunately, looking at it again now, it looks like they are doing it as
intended by OAuth 2 now - opening osm.org in the browser and getting the
callback for authorization back into the app.
So, displaying the block message on an attempt to login and/or trying to
authorize a new app would be of great help because whenever OSM responds with a
403 Forbidden, users will tend to check what's up with their access token, try
to login again or whatever.
Didn't test with other apps, but at least StreetComplete will just forget the
access token and prompt the user to login again when presented with a 403
Forbidden error.
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/5490#issuecomment-2584958819
You are receiving this because you are subscribed to this thread.
Message ID:
<openstreetmap/openstreetmap-website/issues/5490/2584958...@github.com>
_______________________________________________
rails-dev mailing list
rails-dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/rails-dev
