| | 80 | === OAuth 2.0 based authentication ===#oauth2 |
| | 81 | [https://oauth.net/2 OAuth 2.0] is an open protocol to allow secure API authorization in a simple and standard method from desktop and web applications. The OSM server supports OAuth 2.0 in addition to basic authentication. |
| | 82 | |
| | 83 | OAuth has two major advantages over basic authentication: |
| | 84 | 1. Your OSM password doesn't have to be saved in clear text in the JOSM preferences file. |
| | 85 | 1. Your OSM password has to be transferred encrypted **only once** over the Internet, in contrast to basic authentication where your OSM password is transferred unencrypted as part of every request sent from JOSM to the OSM server. |
| | 86 | |
| | 87 | OAuth 2.0 uses [wikitr:RemoteControl Remote Control] to receive the token from the OAuth server. If you have issues authenticating, you can disable remote control in other running instances of JOSM and disable ''then'' re-enable it in the JOSM instance you are trying to authenticate. |
| | 88 | |
| | 89 | Once initialized the access token is represented with the following options: |
| | 90 | |
| | 91 | [[Image(oauth-2-authentication.png,500,link=)]] |
| | 92 | |
| | 93 | * Deselect the checkbox **Save to preferences** if you don't want to save the Access Token in the JOSM preferences. If you don't save it the Access Token will be lost when you close JOSM. If you later startup JOSM again you will have to retrieve a new Access Token to work with OAuth based authentication again. |
| | 94 | * Click on **Test Access Token** to submit a test request with the token to the OSM server. JOSM will analyze whether this token is authorized to access the OSM server. |
| | 95 | * Click on **Remove token** to remove the current token. The `Authorise now` button will reappear. |
