Disallow saving OSM credentials (in favour of OAuth)

[simon04]

Since we prefer OAuth and show the OAuth wizard for not-yet-logged-in users (#7612), I would propose to disallow saving of OSM username and password for the default OSM server. Custom servers or WMS services would not be affected.

Any thoughts? Should we await some feedback (i.e., no negative feedback) for OAuth being the default?

[stoecker]

I'm against this idea. Making OAuth default is ok, but why disallow a working login method. With HTTPS basic auth has no real drawbacks and storing password/username unencrypted is e.g. no problem on my machine, as it's completely encrypted. Chances of misuse are very low.

OTOH we had many issues with OAuth in the past and needed the fallback. Many times OSM changed something with the webinterface and login JOSM has to remake the OAuth stuff.

[simon04]

Just to clarify: Basic authentication to the OSM server would still be possible, but the username+password would have to be entered every time starting JOSM.

[stoecker]

Still this is much like what firefox does ATM: "We know better than our users what they want to do". If keeping old options costs additional maintenance work I agree to remove them. But that's not the case here. We'd remove this only because we asssume to know better what's good for our users. I don't like that.