
Opened 3 years ago

Closed 3 years ago

Last modified 2 years ago

#21065 closed defect (fixed)

Fully automatic OAuth authentication fails after change on OSM server side

Reported by: jBeata
Owned by: team
Priority: major
Milestone: 21.06
Component: Core
Version:
Keywords: oauth
Cc:

Description (last modified by Don-vip)

The fully automatic OAuth authentication fails for JOSM with the following error:

021-07-02 11:13:03.526 java[9163:91587] 2021-07-02 11:13:03.525 SEVERE: org.openstreetmap.josm.gui.oauth.OsmOAuthAuthorizationException: oauth.signpost.exception.OAuthCommunicationException: Communication with the service provider failed: stream is closed. Cause: oauth.signpost.exception.OAuthCommunicationException: Communication with the service provider failed: stream is closed. Cause: java.io.IOException: stream is closed
org.openstreetmap.josm.gui.oauth.OsmOAuthAuthorizationException: oauth.signpost.exception.OAuthCommunicationException: Communication with the service provider failed: stream is closed
	at org.openstreetmap.josm.gui.oauth.OsmOAuthAuthorizationClient.getAccessToken(OsmOAuthAuthorizationClient.java:148)
	at org.openstreetmap.josm.gui.oauth.FullyAutomaticAuthorizationUI$FullyAutomaticAuthorisationTask.realRun(FullyAutomaticAuthorizationUI.java:498)
	at org.openstreetmap.josm.gui.PleaseWaitRunnable.doRealRun(PleaseWaitRunnable.java:94)
	at org.openstreetmap.josm.gui.PleaseWaitRunnable.run(PleaseWaitRunnable.java:142)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)
Caused by: oauth.signpost.exception.OAuthCommunicationException: Communication with the service provider failed: stream is closed
	at oauth.signpost.AbstractOAuthProvider.retrieveToken(AbstractOAuthProvider.java:218)
	at oauth.signpost.AbstractOAuthProvider.retrieveAccessToken(AbstractOAuthProvider.java:108)
	at org.openstreetmap.josm.gui.oauth.OsmOAuthAuthorizationClient.getAccessToken(OsmOAuthAuthorizationClient.java:143)
	... 6 more
Caused by: java.io.IOException: stream is closed
	at sun.net.www.protocol.http.HttpURLConnection$HttpInputStream.ensureOpen(HttpURLConnection.java:3427)
	at sun.net.www.protocol.http.HttpURLConnection$HttpInputStream.read(HttpURLConnection.java:3452)
	at org.openstreetmap.josm.io.ProgressInputStream.read(ProgressInputStream.java:49)
	at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:284)
	at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:326)
	at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:178)
	at java.io.InputStreamReader.read(InputStreamReader.java:184)
	at java.io.BufferedReader.fill(BufferedReader.java:161)
	at java.io.BufferedReader.readLine(BufferedReader.java:324)
	at java.io.BufferedReader.readLine(BufferedReader.java:389)
	at oauth.signpost.AbstractOAuthProvider.handleUnexpectedResponse(AbstractOAuthProvider.java:235)
	at oauth.signpost.AbstractOAuthProvider.retrieveToken(AbstractOAuthProvider.java:193)
	... 8 more

2021-07-02 11:13:03.532 SEVERE: OAuth authorisation failed - <html>The automatic process for retrieving an OAuth Access Token<br>from the OSM server failed.<br><br>Please try again or choose another kind of authorisation process,<br>i.e. semi-automatic or manual authorisation.</html>
2021-07-02 11:13:03.533 java[9163:91589] 2021-07-02 11:13:03.532 SEVERE: OAuth authorisation failed - <html>The automatic process for retrieving an OAuth Access Token<br>from the OSM server failed.<br><br>Please try again or choose another kind of authorisation process,<br>i.e. semi-automatic or manual authorisation.</html>

Proposed fix from mmd: https://github.com/openstreetmap/openstreetmap-website/pull/3177#issuecomment-876154928

Issue is in POST /oauth/authorize

JOSM sends hardcoded values in automated mode: &allow_write_api=yes&allow_read_prefs=yes&commit=Save+changes&allow_write_gpx=yes&allow_write_notes=yes&allow_read_gpx=yes&allow_write_prefs=yes

Website uses: &allow_read_prefs=0&allow_read_prefs=1&allow_write_prefs=0&allow_write_prefs=1&allow_write_diary=0&allow_write_diary=1&allow_write_api=0&allow_write_api=1&allow_read_gpx=0&allow_read_gpx=1&allow_write_gpx=0&allow_write_gpx=1&allow_write_notes=0&allow_write_notes=1&

Attachments (0)

Change History (16)

comment:1 by skyper, 3 years ago

Yes, can reproduce. Only semi-automatic works, at least, if logged in on OSM-website.

Might be a problem related to the switch to OAuth2, see #20768.

comment:2 by anonymous, 3 years ago

A similar issue has appeared in GNOME Maps: https://gitlab.gnome.org/GNOME/gnome-maps/-/issues/386

Instead of getting a page with the verification code and asking for confirmation for the application, it gets an HTML page containing:

"
Authorization request failed

You have denied application GNOME Maps access to your account.
"

I think this is basically the same issue.

comment:3 by Don-vip, 3 years ago

Keywords: oauth added
Milestone: 21.06

comment:4 by Don-vip, 3 years ago

Description: modified (diff)

comment:5 by mmd, 3 years ago

Issue is entirely unrelated to OAuth 2.0, it's a side effect of fixing an issue in https://github.com/openstreetmap/openstreetmap-website/issues/3241

comment:6 by mmd, 3 years ago

For avoidance of doubt, JOSM needs to fix the fully automated mode here, there's nothing left to do on OSM website.

comment:7 by Don-vip, 3 years ago

@mmd thanks. I don't understand the ticket nor the changes. Can you please enlighten us on what did change on OSM server side?

EDIT: ah sorry didn't see the answers at https://github.com/openstreetmap/openstreetmap-website/pull/3177 comments

Last edited 3 years ago by Don-vip

comment:8 by Don-vip, 3 years ago

Description: modified (diff)

comment:9 by skyper, 3 years ago

If I understand it correctly, fully automated mode should be dropped completely and semi-automated mode should be the default.

comment:10 by Don-vip, 3 years ago

Removing a feature largely used for 11 years needs discussion first. I will simply fix it for now. We'll see with the OAuth2 transition (#20768) if we keep fully automatic authentication or not.

comment:11 by Don-vip, 3 years ago

Summary: OAuth Authentication fails for JOSM → Fully automatic OAuth authentication fails after change on OSM server side

comment:12 by mmd, 3 years ago

By the way, the strange repeated parameter values ("allow_read_prefs=0&allow_read_prefs=1") used by the /oauth/authorize website are explained in more detail here: https://api.rubyonrails.org/classes/ActionView/Helpers/FormBuilder.html#method-i-check_box

This way, the client either sends only the hidden field (representing the check box is unchecked), or both fields. Since the HTML specification says key/value pairs have to be sent in the same order they appear in the form, and parameters extraction gets the last occurrence of any repeated key in the query string, that works for ordinary forms.
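
The form encoding described in the comment above, worked through as an added example (not part of the ticket, and not code from JOSM, GNOME Maps or openstreetmap-website). It parses the request bodies quoted in the ticket description with last-occurrence-wins semantics; treating only an effective value of "1" as a grant is an assumption about the server, and all helper names are hypothetical.

```ruby
require "uri"

# Permission names taken from the website form body quoted in the ticket.
PERMS = %w[read_prefs write_prefs write_diary write_api
           read_gpx write_gpx write_notes].freeze

# Body JOSM's fully automatic mode sent, as quoted in the ticket description.
JOSM_LEGACY_BODY = "allow_write_api=yes&allow_read_prefs=yes" \
                   "&commit=Save+changes&allow_write_gpx=yes" \
                   "&allow_write_notes=yes&allow_read_gpx=yes" \
                   "&allow_write_prefs=yes"

# Constructed: what a browser submits for a form built with hidden "0" fields
# followed by "1" checkboxes. Unchecked boxes contribute only the hidden field.
def checkbox_form_body(checked)
  PERMS.map do |perm|
    key = "allow_#{perm}"
    checked.include?(perm) ? "#{key}=0&#{key}=1" : "#{key}=0"
  end.join("&")
end

# Collapse repeated keys the way the comment describes: last occurrence wins.
def effective_params(body)
  URI.decode_www_form(body).each_with_object({}) { |(k, v), h| h[k] = v }
end

# ASSUMPTION (not confirmed on the page): a permission is granted only when
# its effective value is exactly "1".
def granted(body)
  effective_params(body)
    .select { |k, v| k.start_with?("allow_") && v == "1" }.keys
end

# Compatibility check for a scripted client: allow_* values the form never emits.
def non_form_values(body)
  effective_params(body)
    .select { |k, v| k.start_with?("allow_") && !%w[0 1].include?(v) }
end

if __FILE__ == $PROGRAM_NAME
  puts "form, all checked : #{granted(checkbox_form_body(PERMS)).size} granted"
  puts "JOSM legacy body  : #{granted(JOSM_LEGACY_BODY).size} granted"
  puts "unexpected values : #{non_form_values(JOSM_LEGACY_BODY).keys.join(', ')}"
end
```

Under that assumption the legacy body grants nothing, which is consistent with the "You have denied application" page reported for GNOME Maps in comment 2.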

comment:13 by Don-vip, 3 years ago

Resolution: fixed
Status: new → closed

In 17972/josm:

fix #21065 - update fully automatic OAuth authentication to adapt to recent OSM server changes

comment:14 by Don-vip, 3 years ago

Thanks a lot @mmd for the help!

in reply to:  14 comment:15 by anonymous, 3 years ago

Replying to Don-vip:

Thanks a lot @mmd for the help!

Yeah, thanks. Also made the corresponding fix in GNOME Maps (and released stable updates on the 40.x and 3.38.x branches) with this.

comment:16 by taylor.smock, 2 years ago

Ticket #22062 has been marked as a duplicate of this ticket.
