Hoi.

[2016-02-04 09:15] Paul Norman <[email protected]>
> On 2/4/2016 8:41 AM, markus schnalke wrote:
> [2016-02-04 14:43] Tom Hughes <[email protected]>
> >
> > If you're developing a new editor you should be using OAuth not HTTP
> > basic auth.
>
> If I would be developing a *web* editor, then yes, of course ... but
> I am working on a command line editor.
>
> This remains true for programs invoked from the command line. As an example,
> https://github.com/openstreetmap/openstreetmap-license-change uses OAuth.

Thanks for the link. I found OAuth stuff in this file:
https://github.com/openstreetmap/openstreetmap-license-change/blob/master/get_auth.rb

It says:

    puts "Visit the following URL, log in if you need to, and authorize the app"
    puts @request_token.authorize_url
    puts "When you've authorized that token, enter the verifier code you are assigned:"
    verifier = gets.strip

It seems as if the user would need to register its copy of the
program once and then store the oauth-token on disk. Instead of
transmitting the username and password, the oauth token and secret
are transmitted. How is that different, besides the ability of
restricting the permitted actions? (And shouldn't that oauth secret
be transmitted via httpS as well, because it's a secret? Hence
coming back to my original remark.)

If you'd take the time, I'd be glad to learn the advantages of
oauth over http basic auth, especially because for a command line
application it appears to be mainly inconvenient (needs a web
browser to be available (which actually is an issue for me), plus
switching to it and back) and only better by the ability to limit
the permitted actions. Well, that's how it appears to me. You might
know better.

meillo

_______________________________________________
dev mailing list
[email protected]
https://lists.openstreetmap.org/listinfo/dev
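What each scheme puts in the Authorization header, as an added example that is not part of the original message or of openstreetmap-license-change. It assumes OAuth 1.0a with the HMAC-SHA1 signature method; the credentials, the URL and the helper names (`pct`, `basic_header`, `oauth_header`, `recoverable?`) are constructed for illustration.

```ruby
require "openssl"
require "base64"

# Percent-encode per RFC 3986, as OAuth 1.0a (RFC 5849, section 3.6) requires.
def pct(s)
  s.to_s.gsub(/[^A-Za-z0-9\-._~]/) { |c| c.bytes.map { |b| format("%%%02X", b) }.join }
end

# HTTP Basic: the header is just base64("user:password").
def basic_header(user, password)
  "Basic " + Base64.strict_encode64("#{user}:#{password}")
end

# OAuth 1.0a, HMAC-SHA1: both secrets only key the HMAC; the header carries
# the public token, a nonce, a timestamp and the resulting signature.
def oauth_header(method, url, query, cred, nonce:, timestamp:)
  oauth = {
    "oauth_consumer_key" => cred[:consumer_key],
    "oauth_nonce" => nonce,
    "oauth_signature_method" => "HMAC-SHA1",
    "oauth_timestamp" => timestamp.to_s,
    "oauth_token" => cred[:token],
    "oauth_version" => "1.0"
  }
  pairs = oauth.merge(query).map { |k, v| [pct(k), pct(v)] }.sort
  base = [method.upcase, pct(url), pct(pairs.map { |k, v| "#{k}=#{v}" }.join("&"))].join("&")
  key = "#{pct(cred[:consumer_secret])}&#{pct(cred[:token_secret])}"
  digest = OpenSSL::HMAC.digest(OpenSSL::Digest.new("SHA1"), key, base)
  oauth["oauth_signature"] = Base64.strict_encode64(digest)
  "OAuth " + oauth.map { |k, v| %(#{k}="#{pct(v)}") }.join(", ")
end

# Can someone who captured this header read the secret straight out of it?
def recoverable?(header, secret)
  scheme, value = header.split(" ", 2)
  header.include?(secret) || (scheme == "Basic" && Base64.decode64(value).include?(secret))
end

# Constructed sample values; none of these are real credentials or endpoints.
CRED = { consumer_key: "ck-constructed", consumer_secret: "cs-constructed",
         token: "tok-constructed", token_secret: "ts-constructed" }.freeze
URL = "http://api.example.invalid/resource"
BASIC = basic_header("user-constructed", "pw-constructed")
OAUTH = oauth_header("PUT", URL, {}, CRED, nonce: "n1", timestamp: 1454573700)

if __FILE__ == $PROGRAM_NAME
  puts BASIC, OAUTH
  puts "password readable from Basic header: #{recoverable?(BASIC, 'pw-constructed')}"
  puts "token secret readable from OAuth header: #{recoverable?(OAUTH, CRED[:token_secret])}"
end
```

The comparison holds only for the HMAC-SHA1 method: OAuth 1.0a's PLAINTEXT method sends both secrets in the header and relies on TLS. The one-time token exchange also returns the token secret in a response body, so that step needs HTTPS either way.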

