id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc
4790	[patch] Fully automatic retrieval of  OAuth token failed since OSM switched to HTTPS	anonymous	Gubaer	"The fully automatic retrieval of an OAuth access token failed with the error message org.openstreetmap.josm.gui.oauth.OsmOAuthAuthorizationException: OSM website did not return a session cookie in response to 'http://www.openstreetmap.org/login?cookie_test=true'

Although I don't know the josm code, I could imagine that the problem lies with the redirect to https on the login page.

Since a couple of weeks the OSM webpage supports and requires secure http for all operations involving the user password. The webserver thus responds with a 301 moved permanently redirect to the the https site and it appears as if the JOSM code does not correctly handle this.

JOSM should then also not warn about the unsecure password transmission when using OAuth

Tested with JOSM version 3151"	defect	closed	critical		Core		fixed	patch