|Version 8 (modified by Gubaer, 3 years ago) (diff)|
OAuth Authorisation Wizard
Table of Contents
- OAuth in a nutshell
- The OAuth Authorisation Wizard
OAuth in a nutshell
OAuth is an open protocol to allow secure API authorization in a simple and standard method from desktop and web applications.
Standard use case - keep your OSM password private
The standard use case in OSM for OAuth is to keep your OSM password more private than with Basic Authentication.
OAuth has two major advantages over Basic Authentication:
- Your OSM password doesn't have to be saved in clear text in the JOSM preferences file.
- Your OSM password has to be transferred only once over the Internet, in contrast to basic authentication where your OSM password is trasferred as part of every request sent from JOSM to the OSM server.
In OAuth terminology, a JOSM user authorises JOSM to access the OSM server on his behalf. During the authorisation process he never has to enter his OSM password into a JOSM dialog if he or she doesn't fully trust JOSM (unless he wants to for convenience reasons see here). Rather, the OSM server issues an Access Token which JOSM presents to the OSM server when it uploads data on behalf of the user. Access Tokens don't reveal the users password and they can be revoked at any time.
Advanced use case - delegate access to other mappers
A more advanced use case for OAuth is to delegate access to your OSM account to other mappers. OAuth allows you to grant another user restricted access to your account if necessary.
Example: Mapper A can grant mapper B the right to download its private GPS traces from the OSM website. Mapper A would generate an OAuth Access Token and restrict to the privilege "Download my private GPS traces". He would then send an email with the Access Token to mapper B. B can enter the Access Token in JOSM and he is now allowed to download A's private GPS traces from the OSM server. He wouldn't be allowed to upload date on A's behalf, though, and he doesn't know A's OSM password. At any time, A can revoke the Access Token issued for B.
The OAuth Authorisation Wizard
What does authorization mean?
Fully automatic authorization process
The easiest way to get an Access Token is to let JOSM fully automatically retrieve one from the OSM server.
- Step 1/2 - Get the Access Token
Enter your OSM username and your OSM password and click on Authorise now.
- Step 2/2 - Accept the Access Token
JOSM displays the retrieved Access Token. Click on Accept Access Token to accept it.
Restricting the granted privileges
When JOSM fully-automatically requests and authorises an Access Token, it grants it five privileges:
- the right to upload data to the OSM server
- the right to upload GPS traces to the OSM server
- the right to download private GPS traces from the OSM server
- the right to read the preferences stored on the OSM server
- the right to write preferences stored on the OSM server
These are the default settings. If you want to restrict the granted privileges
- Click the tab Granted rights
- Unselect each privilege which should not be granted to the requested Access Token
Semi-automatic authorization process
Manual authorization process
- fully-authomatic-2.png (55.4 KB) - added by Gubaer 3 years ago.
- fully-authomatic-privileges.png (6.9 KB) - added by Gubaer 3 years ago.
- fully-automatic-advanced.png (11.2 KB) - added by Gubaer 3 years ago.
- semi-automatic-step-1.png (51.6 KB) - added by Gubaer 3 years ago.
- semi-automatic-step-2.png (54.1 KB) - added by Gubaer 3 years ago.
- semi-automatic-step-3.png (57.5 KB) - added by Gubaer 3 years ago.
- semi-automatic-advanced.png (17.9 KB) - added by Gubaer 3 years ago.
- manual.png (52.8 KB) - added by Gubaer 3 years ago.
(44.6 KB) -
added by skyper 10 months ago.
Download all attachments as: .zip