Changes between Version 36 and Version 37 of Help/Dialog/OAuthAuthorisationWizard


Ignore:
Timestamp:
2024-05-14T23:17:25+02:00 (12 months ago)
Author:
skyper
Comment:

outdated

Legend:

Unmodified
Added
Removed
Modified

  • Help/Dialog/OAuthAuthorisationWizard

    v36 v37  
    1 [[TranslatedPages]]
    2 = OAuth Authorisation Wizard =
     1[[TranslatedPages(outdated=The Authorization Wizard was removed from JOSM with the deprecation of OAuth 1.0a. This page still exist mainly for historical reasons.)]]
     2
     3= OAuth Authorization Wizard =
    34[[PageOutline(2-10,Table of Contents)]]
    45
     
    1314 1. Your OSM password has to be transferred **only once** over the Internet on a **secure connection**, in contrast to basic authentication where your OSM password is transferred as part of every request sent from JOSM to the OSM server in clear text.
    1415
    15 In OAuth terminology, a JOSM user authorises JOSM to access the OSM server on the user's behalf. During the authorisation process the OSM password never needs to be entered into a JOSM dialog if the user doesn't fully trust JOSM (unless wanting to for convenience reasons [wikitr:/Help/Dialog/OAuthAuthorisationWizard#FullyAutomaticAuthorisation see here]). Rather, the OSM server issues an Access Token which JOSM presents to the OSM server when it uploads data on behalf of the user. Access Tokens don't reveal the user's password and they can be revoked at any time.
     16In OAuth terminology, a JOSM user authorizes JOSM to access the OSM server on the user's behalf. During the authorization process the OSM password never needs to be entered into a JOSM dialog if the user doesn't fully trust JOSM (unless wanting to for convenience reasons [wikitr:/Help/Dialog/OAuthAuthorisationWizard#FullyAutomaticAuthorisation see here]). Rather, the OSM server issues an Access Token which JOSM presents to the OSM server when it uploads data on behalf of the user. Access Tokens don't reveal the user's password and they can be revoked at any time.
    1617
    1718=== Advanced use case - delegate access to other mappers ===
     
    2122
    2223
    23 == The OAuth Authorisation Wizard ==
    24 The Oauth authorisation wizard is located in the preferences under [wikitr:/Help/Preferences/Connection Connection settings].
     24== The OAuth Authorization Wizard ==
     25The Oauth authorization wizard is located in the preferences under [wikitr:/Help/Preferences/Connection OSM Server preferences].
     26
    2527=== What does authentication/authorization mean? ===
    2628When you upload geodata to the OSM server you have to tell the server who you are. The OSM server will **identify** every uploading mapper by asking for an OSM username. The OSM server furthermore needs to **authenticate** this identity, i.e. to reliably determine whether the mapper is indeed the claimed user. For this purpose, it asks for a password in addition to the username. The server's assumption is that whoever knows the secret password for username xyz is reliably authenticated to ''be'' xyz. A mapper logged in with an authenticated username and password is entitled to run a broad range of operations on the server. The mapper is ***authorized** to upload data, to create changesets, to close changesets, to upload GPS traces, to read and changes personal preferences on the server, to invite others as friends, to send emails to other accounts, etc. Currently, it isn't possible to create an OSM account with an OSM username and a password with restricted rights, i.e. an account that would only be able to upload GPS traces, but not map data. Whoever has successfully **authenticated** with an OSM username and an OSM password is **fully authorized** to do everything an OSM user can normally do on the server.
     
    3133  * an Access Token could only be valid for a certain time, i.e. only today, but this is not yet supported by the OSM server
    3234
    33 In addition to username/password pairs, the OSM server also accepts OAuth Access Tokens to authenticate and authorise a user. More specifically, it accepts requests ''signed with such a token'', but this is beyond of the scope of this online help.
     35In addition to username/password pairs, the OSM server also accepts OAuth Access Tokens to authenticate and authorize a user. More specifically, it accepts requests ''signed with such a token'', but this is beyond of the scope of this online help.
    3436
    3537The OAuth Authorization Wizard allows you to receive a valid OAuth Access Token, provided that you have an OSM username and OSM password, or to enter and use an OAuth Access Token in JOSM, provided that you got one from somebody else who has an OSM username and an OSM password.
     
    9698 [[Image(semi-automatic-step-1.png,link=)]]
    9799
    98 2. **Step 2/3** - Authorise the Request Token in an external browser
     1002. **Step 2/3** - Authorize the Request Token in an external browser
    99101
    100102 JOSM now launches an external browser with the OSM website. Please login and follow the instructions. Then switch back to the OAuth Authorization Wizard and click on **Retrieve Access Token**.
     
    141143 Please check the corresponding connection with your network engineer.
    142144----
    143 Back to [wikitr:/Help/Preferences/Connection Connection settings] \\
     145Back to [wikitr:/Help/Preferences/Connection OSM Server preferences] \\
    144146Back to [wikitr:/Help Main Help]