Modify

Opened 11 months ago

Closed 11 months ago

Last modified 10 months ago

#23475 closed defect (duplicate)

Login fails

Reported by: SomeoneElse2 Owned by: team
Priority: major Milestone:
Component: Core Version:
Keywords: template_report Cc:

Description

What steps will reproduce the problem?

  1. Download latest JOSM Tested
  2. Edit / preferences / OSM Server / New Access Token
  3. Enter username and password (both copied from password manager, and separately validated in incognito browser window)
  4. Click Authorise now

What is the expected result?

Logging in

What happens instead?

Oauth authorisation failed

https://www.openstreetmap.org/user/SomeoneElse2/oauth_clients
shows a token under "Oauth 1 settings".

Please provide any additional information below. Attach a screenshot if possible.

https://map.atownsend.org.uk/tmp/Screenshot%202024-02-14%20140600.png

Relative:URL: ^/trunk
Repository:UUID: 0c6e7542-c601-0410-84e7-c038aed88b3b
Last:Changed Date: 2024-02-05 12:56:34 +0100 (Mon, 05 Feb 2024)
Revision:18969
Build-Date:2024-02-06 02:30:58
URL:https://josm.openstreetmap.de/svn/trunk

Identification: JOSM/1.5 (18969 en_GB) Windows 10 64-Bit
OS Build number: Windows 10 Pro 2009 (19045)
Memory Usage: 600 MB / 3026 MB (117 MB allocated, but free)
Java version: 21.0.2+13-58, Oracle Corporation, OpenJDK 64-Bit Server VM
Look and Feel: com.sun.java.swing.plaf.windows.WindowsLookAndFeel
Screen: \Display0 1920×1080 (scaling 1.50×1.50) \Display1 1920×1080 (scaling 1.00×1.00)
Maximum Screen Size: 1920×1080
Best cursor sizes: 16×16→48×48, 32×32→48×48
System property file.encoding: UTF-8
System property sun.jnu.encoding: Cp1252
Locale info: en_GB
Numbers with default locale: 1234567890 -> 1234567890

Plugins:
+ continuosDownload (103)
+ reverter (36196)
+ undelete (36126)

Last errors/warnings:
- 00000.766 W: extended font config - overriding 'filename.Malgun_Gothic=malgun.ttf' with 'MALGUN.TTF'
- 00000.768 W: extended font config - overriding 'filename.Myanmar_Text=mmrtext.ttf' with 'MMRTEXT.TTF'
- 00000.770 W: extended font config - overriding 'filename.Mongolian_Baiti=monbaiti.ttf' with 'MONBAITI.TTF'
- 00002.873 W: Update plug-ins - You updated your JOSM software. To prevent problems the plug-ins should be updated as well.  Update plug-ins now?
- 00026.996 E: Failed to locate image 'http://www.geoportal.segeth.df.gov.br/static/dist/img/logo_geoportal.png'
- 00060.709 E: org.openstreetmap.josm.gui.oauth.OsmOAuthAuthorizationException: oauth.signpost.exception.OAuthCommunicationException: Communication with the service provider failed: stream is closed. Cause: oauth.signpost.exception.OAuthCommunicationException: Communication with the service provider failed: stream is closed. Cause: java.io.IOException: stream is closed
- 00060.724 E: OAuth authorisation failed - <html>The automatic process for retrieving an OAuth Access Token<br>from the OSM server failed.<br><br>Please try again or choose another kind of authorisation process,<br>i.e. semi-automatic or manual authorisation.</html>
- 00119.838 E: Failed to locate image 'http://www.geoportal.segeth.df.gov.br/static/dist/img/logo_geoportal.png'

Attachments (0)

Change History (6)

comment:1 by taylor.smock, 11 months ago

Resolution: duplicate
Status: newclosed

Closed as duplicate of #22810.
I'm intending to remove OAuth 1.0 from JOSM this month.

See https://github.com/openstreetmap/operations/issues/867#issuecomment-1911954055 (OSM is removing Basic Auth and OAuth 1.0a as authentication options in June).

This issue will be "fixed" by the removal of OAuth 1.0a from JOSM.

comment:2 by SomeoneElse2, 11 months ago

Thanks. I was a bit surprised that "New Access Token" defaulted to other than Oauth 2.0:
https://map.atownsend.org.uk/tmp/Screenshot_20240214_214913.png
(a bit surprised that there was even a choice, to be honest).

comment:3 by taylor.smock, 11 months ago

I was a bit surprised that "New Access Token" defaulted to other than Oauth 2.0:

We supported OAuth 1.0a and OAuth 2.0 at the same time; what New Access Token did depends upon which authentication method you have selected.

comment:4 by taylor.smock, 10 months ago

In 18991/josm:

Fix #22810: OSM OAuth 1.0a/Basic auth deprecation and removal

As of 2024-02-15, something changed in the OSM server configuration. This broke
our OAuth 1.0a implementation (see #23475). As such, we are removing OAuth 1.0a
from JOSM now instead of when the OSM server removes support in June 2024.

For third-party OpenStreetMap servers, the Basic Authentication method has been
kept. However, they should be made aware that it may be removed if a non-trivial
bug occurs with it. We highly recommend that the third-party servers update to
the current OpenStreetMap website implementation (if only for their own security).

Failing that, the third-party server can implement RFC8414. As of this commit,
we currently use the authorization_endpoint and token_endpoint fields.
To check and see if their third-party server implements RFC8414, they can go
to <server host>/.well-known/oauth-authorization-server.

Prominent third-party OpenStreetMap servers may give us a client id for their
specific server. That client id may be added to the hard-coded client id list
at maintainer discretion. At a minimum, the server must be publicly
available and have a significant user base.

comment:5 by SomeoneElse2, 10 months ago

As such, we are removing OAuth 1.0a

from JOSM now instead of when the OSM server removes support in June 2024.

Thanks, that makes sense (from a "person who edits OSM" perspective); I can't really comment on the "other API implementations" thing.

comment:6 by taylor.smock, 10 months ago

OpenHistoricalMap and OpenGeoFiction both have forks of OpenStreetMap's Ruby-on-Rails port.

Both of which are significantly out-of-date, but still support OAuth 2. Just not RFC 8414 which allows for automatic endpoint configuration.

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain team.
as The resolution will be set.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment


E-mail address and name can be saved in the Preferences .
 
Note: See TracTickets for help on using tickets.