Context Navigation

+0
← Previous Change
Ticket Comment History
Next Change →

Changes between Initial Version and Version 1 of Ticket #23804, comment 9

Timestamp:: 2024-07-15T18:00:08+02:00 (13 months ago)
Author:: ogor

Legend:

: Unmodified
: Added
: Removed
: Modified

Ticket #23804, comment 9

-              initial
+              v1
 Replying to [comment:8 taylor.smock]:
+> Important bits from the preferences.xml file ''with the sensitive information removed'' (actual token -> `<token>`):
+> {{{
+>   <tag key='oauth.access-token.object.OAuth20.api.openstreetmap.org' value='{&quot;access_token&quot;:&quot;<token>&quot;,&quot;token_type&quot;:&quot;bearer&quot;,&quot;created_at&quot;:1721024598,&quot;scope&quot;:&quot;&quot;}'/>
+>   <tag key='oauth.access-token.parameters.OAuth20.https://api.openstreetmap.org/api' value='{&quot;client_id&quot;:&quot;edPII614Lm0_0zEpc_QzEltA9BUll93-Y-ugRQUoHMI&quot;,&quot;redirect_uri&quot;:&quot;http://127.0.0.1:8111/oauth_authorization&quot;,&quot;api_url&quot;:&quot;https://api.openstreetmap.org/api&quot;,&quot;authorize_url&quot;:&quot;https://www.openstreetmap.org/oauth2/authorize&quot;,&quot;token_url&quot;:&quot;https://www.openstreetmap.org/oauth2/token&quot;}'/>
+> }}}
+>
+> It looks like there is some sensitive data in the preferences.xml (in those two entries). I have deleted the preferences.xml attachment. It would have allowed other people to impersonate you on the OSM server.
+>
+> (...)
 > The file was up for ~6 minutes; you may or may not be OK. I would still recommend resetting your OAuth 2 token.
 > Steps to do so:
 > 1. Go to https://www.openstreetmap.org/oauth2/applications
 > 2. `Delete` the JOSM application from this list; this will ensure that a ''new token'' is created the next time you try to authenticate with JOSM.
+>
+I replaced passwd and ligin with "was_there" to indicate they wasn't empty strings. Thank you.
+I can't force JOSM to authenticate, so on page you mentioned JOSM is missing and that's my issue.
 > On to the actual problem:
 > It looks like the OAuth scopes are wrong; the preferences should look more like
 …
 > Note that the scope should have `read_gpx write_gpx read_prefs write_prefs write_api write_notes`; these can be trimmed down a bit (for example, JOSM core doesn't need `write_gpx` but the `DirectUpload` plugin does).
+I replaced passwd and ligin with "was_there" to indicate they wasn't empty strings. Thank you.
+I can't force JOSM to authenticate, so on page you mentioned JOSM is missing and that's my issue. Token reset done. Do you think modification of this 2 lines should help?
+ Token reset done. Do you think modification of this 2 lines should help?