Modify

Opened 6 weeks ago

Last modified 6 weeks ago

#23679 new task

Update OSM Server preference page

Reported by: skyper Owned by: team
Priority: normal Milestone:
Component: Wiki content Version:
Keywords: preference OSM Server OAuth2 remote control Cc: taylor.smock

Description

OSM Server preferences needs some updates:

  • OAuth1 is outdated and can be removed
    • Some screenshots need updates
  • OAuth2 needs some better wording as the seems to be some confusion about "Remote Control", see https://community.openstreetmap.org/t/113078
    • As I understand it, OAuth2 uses "Remote Control" under the hood which can lead to problems if there is already another instance of JOSM with enabled "Remote Control" running but you definitely do not have to enable "Remote Control" to get a token.

Besides that, what should we do with Help/Dialog/OAuthAuthorisationWizard. Is it still useful or should the whole page be deleted?

Attachments (0)

Change History (5)

comment:1 by skyper, 6 weeks ago

Cc: taylor.smock added

comment:2 by taylor.smock, 6 weeks ago

Anything mentioning Fully automatic authorization can be removed.

I don't know how to better word the bit on remote control. I'll give a rundown on what happens so that maybe someone can come up with better wording.

Fetching the Authorization Token:

  1. Open browser to OSM OAuth page and start Remote Control server
  2. OSM redirects to http://127.0.0.1:8111/oauth_authorization after user logs in and authorizes the request
  3. The JOSM Remote Control server takes the information from the redirect in step (2) and finishes the authorization flow
  4. JOSM stops the remote control server if it was not originally running

Using the Authorization Token:

  1. Attach the token to the HTTP request using Authorization: OAuth ${token} as a header.

Remote Control is not required for using the authorization token. It is only required to fetch the token during the initial OAuth authorization flow.

The reason why I indicated that it uses remote control is that some users may have other JOSM instances running with remote control started, which would prevent the current instance from authenticating. I was trying to give some troubleshooting steps.

comment:3 by stoecker, 6 weeks ago

Besides that, what should we do with Help/Dialog/OAuthAuthorisationWizard. Is it still useful or should the whole page be deleted?

It's still referenced.

org/openstreetmap/josm/gui/oauth/TestAccessTokenTask.java:                HelpUtil.ht("/Dialog/OAuthAuthorisationWizard#AccessTokenOK")
org/openstreetmap/josm/gui/oauth/TestAccessTokenTask.java:                HelpUtil.ht("/Dialog/OAuthAuthorisationWizard#AccessTokenFailed")
org/openstreetmap/josm/gui/oauth/TestAccessTokenTask.java:                HelpUtil.ht("/Dialog/OAuthAuthorisationWizard#AccessTokenFailed")
org/openstreetmap/josm/gui/oauth/TestAccessTokenTask.java:                HelpUtil.ht("/Dialog/OAuthAuthorisationWizard#AccessTokenFailed")
org/openstreetmap/josm/gui/oauth/TestAccessTokenTask.java:                HelpUtil.ht("/Dialog/OAuthAuthorisationWizard#AccessTokenFailed")
org/openstreetmap/josm/gui/oauth/TestAccessTokenTask.java:                HelpUtil.ht("/Dialog/OAuthAuthorisationWizard#AccessTokenFailed")
org/openstreetmap/josm/gui/oauth/OAuthAuthorizationWizard.java:        pnl.add(new JButton(new ContextSensitiveHelpAction(HelpUtil.ht("/Dialog/OAuthAuthorisationWizard"))));
org/openstreetmap/josm/gui/oauth/OAuthAuthorizationWizard.java:        HelpUtil.setHelpContext(getRootPane(), HelpUtil.ht("/Dialog/OAuthAuthorisationWizard"));
org/openstreetmap/josm/gui/oauth/FullyAutomaticAuthorizationUI.java:                    HelpUtil.ht("/Dialog/OAuthAuthorisationWizard#FullyAutomaticProcessFailed")
org/openstreetmap/josm/gui/oauth/FullyAutomaticAuthorizationUI.java:                    HelpUtil.ht("/Dialog/OAuthAuthorisationWizard#FullyAutomaticProcessFailed")
org/openstreetmap/josm/gui/oauth/AdvancedOAuthPropertiesPanel.java:                HelpUtil.ht("/Dialog/OAuthAuthorisationWizard")
org/openstreetmap/josm/gui/preferences/server/OAuthAuthenticationPreferencesPanel.java:     * Launches the OAuthAuthorisationWizard to generate a new Access Token

Also deleting a page kills the whole history. Better is to fill it with updated information ;-)

comment:4 by skyper, 6 weeks ago

Ok, I have added a sentence to the description of the use of remote control and did some cosmetic work on the OSM Server page. I did not remove the section about OAuth1a but I think it should be removed. Any objections?

The problem with Help/Dialog/OAuthAuthorisationWizard is that it is mostly about OAuth1a. The wizard dialogs do not exist anymore and even the part about "Advanced OAuth parameters" is only about OAuth1a and does not fit with OAuth2. I think these advanced parameters can easily be added to Help/Preferences/Connection. Either the whole "wizard" page needs a major rework or we could mark it as outdated instead of deleting it.
So far, with current josm-latest, I only found one occasion where the context sensitive help links to the page. It is the message dialog when testing the OAuth2 token and the page does not give any help in this case.

in reply to:  4 comment:5 by taylor.smock, 6 weeks ago

Replying to skyper:

[...] I did not remove the section about OAuth1a but I think it should be removed. Any objections?

Not from me. I don't think we will ever be bringing OAuth 1 back.

The problem with Help/Dialog/OAuthAuthorisationWizard is that it is mostly about OAuth1a. The wizard dialogs do not exist anymore and even the part about "Advanced OAuth parameters" is only about OAuth1a and does not fit with OAuth2. I think these advanced parameters can easily be added to Help/Preferences/Connection. Either the whole "wizard" page needs a major rework or we could mark it as outdated instead of deleting it.

I've done a bit of work to readd advanced parameters, so I think outdated is better than deletion for that.

Modify Ticket

Change Properties
Set your email in Preferences
Action
as new The owner will remain team.
as The resolution will be set. Next status will be 'closed'.
to The owner will be changed from team to the specified user.
Next status will be 'needinfo'. The owner will be changed from team to skyper.
as duplicate The resolution will be set to duplicate. Next status will be 'closed'. The specified ticket will be cross-referenced with this ticket.
The owner will be changed from team to anonymous. Next status will be 'assigned'.

Add Comment


E-mail address and name can be saved in the Preferences .
 
Note: See TracTickets for help on using tickets.