Opened 12 months ago

Closed 12 months ago

Last modified 6 weeks ago

#21065 closed defect (fixed)

Fully automatic OAuth authentication fails after change on OSM server side

Reported by: jBeata
Owned by: team
Priority: major
Milestone: 21.06
Component: Core
Version:
Keywords: oauth
Cc:

Description (last modified by Don-vip)

The fully automatic OAuth authentication fails for JOSM with the following error:

021-07-02 11:13:03.526 java[9163:91587] 2021-07-02 11:13:03.525 SEVERE: org.openstreetmap.josm.gui.oauth.OsmOAuthAuthorizationException: oauth.signpost.exception.OAuthCommunicationException: Communication with the service provider failed: stream is closed. Cause: oauth.signpost.exception.OAuthCommunicationException: Communication with the service provider failed: stream is closed. Cause: java.io.IOException: stream is closed
org.openstreetmap.josm.gui.oauth.OsmOAuthAuthorizationException: oauth.signpost.exception.OAuthCommunicationException: Communication with the service provider failed: stream is closed
	at org.openstreetmap.josm.gui.oauth.OsmOAuthAuthorizationClient.getAccessToken(OsmOAuthAuthorizationClient.java:148)
	at org.openstreetmap.josm.gui.oauth.FullyAutomaticAuthorizationUI$FullyAutomaticAuthorisationTask.realRun(FullyAutomaticAuthorizationUI.java:498)
	at org.openstreetmap.josm.gui.PleaseWaitRunnable.doRealRun(PleaseWaitRunnable.java:94)
	at org.openstreetmap.josm.gui.PleaseWaitRunnable.run(PleaseWaitRunnable.java:142)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at java.lang.Thread.run(Thread.java:748)
Caused by: oauth.signpost.exception.OAuthCommunicationException: Communication with the service provider failed: stream is closed
	at oauth.signpost.AbstractOAuthProvider.retrieveToken(AbstractOAuthProvider.java:218)
	at oauth.signpost.AbstractOAuthProvider.retrieveAccessToken(AbstractOAuthProvider.java:108)
	at org.openstreetmap.josm.gui.oauth.OsmOAuthAuthorizationClient.getAccessToken(OsmOAuthAuthorizationClient.java:143)
	... 6 more
Caused by: java.io.IOException: stream is closed
	at sun.net.www.protocol.http.HttpURLConnection$HttpInputStream.ensureOpen(HttpURLConnection.java:3427)
	at sun.net.www.protocol.http.HttpURLConnection$HttpInputStream.read(HttpURLConnection.java:3452)
	at org.openstreetmap.josm.io.ProgressInputStream.read(ProgressInputStream.java:49)
	at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:284)
	at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:326)
	at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:178)
	at java.io.InputStreamReader.read(InputStreamReader.java:184)
	at java.io.BufferedReader.fill(BufferedReader.java:161)
	at java.io.BufferedReader.readLine(BufferedReader.java:324)
	at java.io.BufferedReader.readLine(BufferedReader.java:389)
	at oauth.signpost.AbstractOAuthProvider.handleUnexpectedResponse(AbstractOAuthProvider.java:235)
	at oauth.signpost.AbstractOAuthProvider.retrieveToken(AbstractOAuthProvider.java:193)
	... 8 more

2021-07-02 11:13:03.532 SEVERE: OAuth authorisation failed - <html>The automatic process for retrieving an OAuth Access Token<br>from the OSM server failed.<br><br>Please try again or choose another kind of authorisation process,<br>i.e. semi-automatic or manual authorisation.</html>
2021-07-02 11:13:03.533 java[9163:91589] 2021-07-02 11:13:03.532 SEVERE: OAuth authorisation failed - <html>The automatic process for retrieving an OAuth Access Token<br>from the OSM server failed.<br><br>Please try again or choose another kind of authorisation process,<br>i.e. semi-automatic or manual authorisation.</html>

Proposed fix from mmd: https://github.com/openstreetmap/openstreetmap-website/pull/3177#issuecomment-876154928

Issue is in POST /oauth/authorize

JOSM sends hardcoded values in automated mode: &allow_write_api=yes&allow_read_prefs=yes&commit=Save+changes&allow_write_gpx=yes&allow_write_notes=yes&allow_read_gpx=yes&allow_write_prefs=yes

Website uses: &allow_read_prefs=0&allow_read_prefs=1&allow_write_prefs=0&allow_write_prefs=1&allow_write_diary=0&allow_write_diary=1&allow_write_api=0&allow_write_api=1&allow_read_gpx=0&allow_read_gpx=1&allow_write_gpx=0&allow_write_gpx=1&allow_write_notes=0&allow_write_notes=1&

Change History (16)

comment:1 Changed 12 months ago by skyper

Yes, can reproduce. Only semi-automatic works, at least, if logged in on OSM-website.

Might be a problem related to the switch to OAuth2, see #20768.

comment:2 Changed 12 months ago by anonymous

A similar issue has appeared in GNOME Maps: https://gitlab.gnome.org/GNOME/gnome-maps/-/issues/386

Instead of getting a page with the verification code and asking for confirmation for the application, it gets an HTML page containing:

"
Authorization request failed

You have denied application GNOME Maps access to your account.
"

I think this is basically the same issue.

comment:3 Changed 12 months ago by Don-vip

Keywords: oauth added
Milestone: 21.06

comment:4 Changed 12 months ago by Don-vip

Description: modified

comment:5 Changed 12 months ago by mmd

Issue is entirely unrelated to OAuth 2.0, it's a side effect of fixing an issue in https://github.com/openstreetmap/openstreetmap-website/issues/3241

comment:6 Changed 12 months ago by mmd

For avoidance of doubt, JOSM needs to fix the fully automated mode here, there's nothing left to do on OSM website.

comment:7 Changed 12 months ago by Don-vip

@mmd thanks. I don't understand the ticket nor the changes. Can you please enlighten us on what did change on OSM server side?

EDIT: ah sorry didn't see the answers at https://github.com/openstreetmap/openstreetmap-website/pull/3177 comments

Last edited 12 months ago by Don-vip

comment:8 Changed 12 months ago by Don-vip

Description: modified

comment:9 Changed 12 months ago by skyper

If I understand it correctly, fully automated mode should be dropped completely and semi-automated mode should be the default.

comment:10 Changed 12 months ago by Don-vip

Removing a feature largely used for 11 years needs discussion first. I will simply fix it for now. We'll see with the OAuth2 transition (#20768) if we keep fully automatic authentication or not.

comment:11 Changed 12 months ago by Don-vip

Summary: OAuth Authentication fails for JOSM → Fully automatic OAuth authentication fails after change on OSM server side

comment:12 Changed 12 months ago by mmd

By the way, the strange repeated parameter values ("allow_read_prefs=0&allow_read_prefs=1") used by the /oauth/authorize website are explained in more detail here: https://api.rubyonrails.org/classes/ActionView/Helpers/FormBuilder.html#method-i-check_box

This way, the client either sends only the hidden field (representing the check box is unchecked), or both fields. Since the HTML specification says key/value pairs have to be sent in the same order they appear in the form, and parameters extraction gets the last occurrence of any repeated key in the query string, that works for ordinary forms.
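
The check box encoding described in comment:12, as an added Ruby example that is not part of the ticket, of JOSM, or of the openstreetmap-website code: it collapses repeated keys with last-occurrence-wins and compares the two request bodies quoted in the description. The helper names (effective_params, checkbox_body, form_drift) are hypothetical, and the example does not model how the server interprets the values.

```ruby
require 'uri'

# Bodies copied from the ticket description (leading/trailing '&' trimmed).
JOSM_BODY = 'allow_write_api=yes&allow_read_prefs=yes&commit=Save+changes&allow_write_gpx=yes&allow_write_notes=yes&allow_read_gpx=yes&allow_write_prefs=yes'
WEBSITE_BODY = 'allow_read_prefs=0&allow_read_prefs=1&allow_write_prefs=0&allow_write_prefs=1&allow_write_diary=0&allow_write_diary=1&allow_write_api=0&allow_write_api=1&allow_read_gpx=0&allow_read_gpx=1&allow_write_gpx=0&allow_write_gpx=1&allow_write_notes=0&allow_write_notes=1'

# Collapse repeated keys the way comment:12 describes: pairs arrive in form
# order and the last occurrence of a key wins.
def effective_params(body)
  URI.decode_www_form(body).each_with_object({}) { |(k, v), h| h[k] = v }
end

# Build the body a browser would send for the check_box pattern: the hidden
# "0" field always, followed by "1" only when the box is ticked.
def checkbox_body(permissions, ticked)
  pairs = permissions.flat_map do |name|
    ticked.include?(name) ? [[name, '0'], [name, '1']] : [[name, '0']]
  end
  URI.encode_www_form(pairs)
end

# Compare a hardcoded client body against the form the site actually serves.
# Only allow_* keys are compared; other fields (e.g. commit) are ignored.
def form_drift(client_body, site_body)
  client = effective_params(client_body).select { |k, _| k.start_with?('allow_') }
  site = effective_params(site_body).select { |k, _| k.start_with?('allow_') }
  {
    missing_from_client: (site.keys - client.keys).sort,
    unknown_to_site: (client.keys - site.keys).sort,
    value_mismatch: (client.keys & site.keys).reject { |k| client[k] == site[k] }.sort
  }
end

if __FILE__ == $PROGRAM_NAME
  p effective_params(WEBSITE_BODY)
  p form_drift(JOSM_BODY, WEBSITE_BODY)
end
```

A client that replays a consent form with fixed values can run this kind of comparison against the live form to notice when field names or value encodings have moved.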

comment:13 Changed 12 months ago by Don-vip

Resolution: fixed
Status: new → closed

In 17972/josm:

fix #21065 - update fully automatic OAuth authentication to adapt to recent OSM server changes

comment:14 Changed 12 months ago by Don-vip

Thanks a lot @mmd for the help!

comment:15 in reply to:  14 Changed 12 months ago by anonymous

Replying to Don-vip:

> Thanks a lot @mmd for the help!

Yeah, thanks. Also made the corresponding fix in GNOME Maps (and released stable updates on the 40.x and 3.38.x branches) with this.

comment:16 Changed 6 weeks ago by taylor.smock

Ticket #22062 has been marked as a duplicate of this ticket.
