#7183 closed defect (worksforme)
HTTP 302 response to OAuth full-auto authentication ?
Reported by: | Don-vip | Owned by: | team |
---|---|---|---|
Priority: | major | Milestone: | |
Component: | Core | Version: | latest |
Keywords: | OAuth, http, 302 | Cc: |
Description (last modified by )
I'm getting some trouble to configure OAuth on the work notebook I've taken home for holidays :)
I don't know if this comes from this machine, if the OSM server is crazy or if it is a recent JOSM regression, but the OAuth authentication does not work with JOSM 4707. The error comes with this exception on the standard output:
org.openstreetmap.josm.gui.oauth.OsmOAuthAuthorizationException: L’autorisation de la requête OAuth '...' a échoué at org.openstreetmap.josm.gui.oauth.OsmOAuthAuthorizationClient.sendAuthorisationRequest(OsmOAuthAuthorizationClient.java:432) at org.openstreetmap.josm.gui.oauth.OsmOAuthAuthorizationClient.authorise(OsmOAuthAuthorizationClient.java:494) at org.openstreetmap.josm.gui.oauth.FullyAutomaticAuthorizationUI$FullyAutomaticAuthorisationTask.realRun(FullyAutomaticAuthorizationUI.java:533) at org.openstreetmap.josm.gui.PleaseWaitRunnable.doRealRun(PleaseWaitRunnable.java:79) at org.openstreetmap.josm.gui.PleaseWaitRunnable.run(PleaseWaitRunnable.java:125) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441) at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303) at java.util.concurrent.FutureTask.run(FutureTask.java:138) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) at java.lang.Thread.run(Thread.java:662)
I've checked in debug mode: JOSM receives a HTTP 302 response (redirect) from the OSM server instead of an expected HTTP 200 (OK).
I've never seen that before, am I the only one with this behavior ?
Attachments (0)
Change History (14)
comment:1 by , 13 years ago
Description: | modified (diff) |
---|
comment:2 by , 13 years ago
comment:4 by , 13 years ago
I've cleared my preferences and tried with JOSM 4667, same result.
I wonder if it is related to my corporate environment, have to look further into this.
comment:5 by , 13 years ago
The exact HTTP response I always have to the POST request to http://www.openstreetmap.org/oauth/authorize is the following:
Response code: 302 null: [HTTP/1.1 302 Found] X-Runtime: [0.854605] Content-Language: [en] Content-Length: [129] X-UA-Compatible: [IE=Edge,chrome=1] Location: [http://www.openstreetmap.org/login?referer=%2Foauth%2Fauthorize] Set-Cookie: [_osm_session=...; path=/; HttpOnly] Connection: [Keep-Alive] Server: [Apache/2.2.14 (Ubuntu)] X-Powered-By: [Phusion Passenger (mod_rails/mod_rack) 3.0.11] Cache-Control: [no-cache] Status: [302] Date: [Sun, 25 Dec 2011 21:55:54 GMT] Vary: [Accept-Language,Accept-Encoding] Keep-Alive: [timeout=15, max=100] Content-Type: [text/html; charset=utf-8]
EDIT: I have the same 302 response with a good password and a bad one, I really don't understand (and I've checked my password on OSM website to see if I'm not crazy :))
follow-up: 8 comment:6 by , 13 years ago
Description: | modified (diff) |
---|---|
Summary: | HTTP 302 response to OAuth authentification ? → HTTP 302 response to OAuth full-auto authentication ? |
Tested with semi-automatic method, works fine. OAuth is a bit cryptic for me, does anyone have any idea what happens when I try with full-automatic method ?
comment:7 by , 13 years ago
The Server-Interface changed at least. Previously it was http://www.openstreetmap.org/oauth/authorize, now it is http://www.openstreetmap.org/user/.../oauth_clients(/new). Very likely also the data to send has been modified a bit (simply replacing the url did not work in a test). Login seems to work, so only the registration step needs to be fixed.
See trunk/src/org/openstreetmap/josm/data/oauth/OAuthParameters.java, trunk/src/org/openstreetmap/josm/gui/oauth/OsmOAuthAuthorizationClient.java#L384 and trunk/src/org/openstreetmap/josm/gui/oauth/FullyAutomaticAuthorizationUI.java.
comment:8 by , 13 years ago
Replying to Don-vip:
Tested with semi-automatic method, works fine.
Ping.
Sorry for not telling but I ran into same situation, 2 days ago. I was not sure if Full-Automatic had ever worked but indeed it did.
comment:10 by , 13 years ago
Resolution: | fixed |
---|---|
Status: | closed → reopened |
comment:11 by , 13 years ago
Confirm similar behaviour in build 5267.
When trying to enable fully-aumatic OAuth JOSM hangs and becomes fully unresponsive (killing the process is the only option).
Exception on console is:
org.openstreetmap.josm.gui.oauth.OsmOAuthAuthorizationException: OSM website did not return a session cookie in response to 'http://www.openstreetmap.org/oauth/authorize?oauth_token=<this data is probably private>', at org.openstreetmap.josm.gui.oauth.OsmOAuthAuthorizationClient.fetchOAuthToken(OsmOAuthAuthorizationClient.java:358) at org.openstreetmap.josm.gui.oauth.OsmOAuthAuthorizationClient.sendAuthorisationRequest(OsmOAuthAuthorizationClient.java:450) at org.openstreetmap.josm.gui.oauth.OsmOAuthAuthorizationClient.authorise(OsmOAuthAuthorizationClient.java:561) at org.openstreetmap.josm.gui.oauth.FullyAutomaticAuthorizationUI$FullyAutomaticAuthorisationTask.realRun(FullyAutomaticAuthorizationUI.java:533) at org.openstreetmap.josm.gui.PleaseWaitRunnable.doRealRun(PleaseWaitRunnable.java:82) at org.openstreetmap.josm.gui.PleaseWaitRunnable.run(PleaseWaitRunnable.java:145) at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source) at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source) at java.util.concurrent.FutureTask.run(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source) at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) at java.lang.Thread.run(Unknown Source)
comment:12 by , 13 years ago
Resolution: | → worksforme |
---|---|
Status: | reopened → closed |
Tested with recent JOSM. Works as expected.
follow-up: 14 comment:13 by , 13 years ago
This does not mean that it's not a bug, it could mean that this bug is irregular and occasional. Or probably this bug is fixed in unstable versions. Did you use the same stable release?
comment:14 by , 13 years ago
Replying to positron96:
This does not mean that it's not a bug, it could mean that this bug is irregular and occasional.
This possibility always exists. We can't do anything against these until a bug is reproducible or at least understandable.
If we are good JOSM probably has a bug count of less than 2 bugs each 1000 lines of code (we have more than 250000 in core), which means hundreds of bugs. :-)
Or probably this bug is fixed in unstable versions. Did you use the same stable release?
As said I tested recent version, i.e. latest. There have been no changes regarding OAuth for a very long time.
I changed the password handling a bit lately, but this should not have affected OAuth. But maybe login for fully automatic OAuth is affected, as this does not go to OSM-API.