[[TranslatedPages]]
= OAuth Authorisation Wizard = 

{{{
#!html
<p style="background-color:rgb(253,255,221);padding: 10pt; border-color:rgb(128,128,128);border-style: solid; border-width: 1px;">
This is work in progress which is neither available in <tt>latest</tt> nor in <tt>tested</tt>. The corresponding features will be available shortly. 
Please check the JOSM Message of the Day.
</p>
}}}

[[TOC(inline)]]

== OAuth in a nutshell ==
[http://oauth.net/ OAuth] is an open protocol to allow secure API authorization  in a simple and standard method from desktop and web applications. 

=== Standard use case - keep your OSM password private ===
The standard use case in OSM for OAuth is to keep your OSM password more private than with Basic Authentication. 

OAuth has two major advantages over Basic Authentication:
  1. Your OSM password doesn't have to be saved in clear text in the JOSM preferences file.
  2. Your OSM password has to be transferred '''only once''' over the Internet, in contrast to basic authentication where your OSM password is trasferred as part of every request sent from JOSM to the OSM server. 

{{{
#!html
<p style="background-color:rgb(253,255,221);padding: 10pt; border-color:rgb(128,128,128);border-style: solid; border-width: 1px;">
<strong>Warning!</strong><br/>
Currently, the OSM server doesn't offer a secure communication channel. Even if you use OAuth your password is therefore transferred <strong>once in clear text</strong> over the Internet. <strong>Do not use a valuable password</strong> until the OSM server provides a secure communication channel (HTTPS).
</p>
}}}

In OAuth terminology, a JOSM user authorises JOSM to access the OSM server on his behalf. During the authorisation process he never has to enter his OSM password into a JOSM dialog if he or she doesn't fully trust JOSM (unless he wants to for convenience reasons [wiki:/Help/Dialog/OAuthAuthorisationWizard#FullyAutomaticAuthorisation, see here]). Rather, the OSM server issues an Access Token which JOSM presents to the OSM server when it uploads data on behalf of the user. Access Tokens don't reveal the users password and they can be revoked at any time. 

=== Advanced use case - delegate access to fellow mappers ===

== The OAuth Authorisation Wizard ==

=== What does authorization mean? ===

=== Fully automatic authorization process ===

=== Semi-automatic authorization process ===

=== Manual authorization process ===