On Sat, Apr 27, 2019 at 02:40:13PM +0100, Tom Hughes wrote: > On 27/04/2019 14:37, Jiri Vlasak wrote: > > On Fri, Apr 26, 2019 at 07:28:39PM +0100, Tom Hughes wrote: > > > On 26/04/2019 19:06, Jiri Vlasak wrote: > > > > This approach is similar to one used by HOT Tasking Manager [1]. In my > > > > "oauth > > > > settings" section I have many many "Tasking Manager 3 - Prod" tokens. > > > > And I > > > > feel this approach is not right. > > > > > > That's usually because the client is broken and is not storing the > > > token but is instead requesting a new one every time you use it. > > > > That's my guess too. So, I would like to write it better. My problem is > > that I > > am quite confused by OAuth. > > > > If I understand it correctly, OAuth is here for authorization. But, in my > > case > > (and in the case of HOT Tasking Manager), the use case is authentication. > > Yes it is really abuse of OAuth in general but is common. > > Note that OAuth 2 (in the form of OpenID Connect) has basically > merged the two use cases anyway. > > > So maybe I should ask - is it possible to authenticate to osm.org? > > Well yes, that is what OAuth does.
Ofcourse. I am sorry, still learning the OAuth thing. > What is happening here is using your osm.org account to > authenticate to a third party site. That should be my question. > That works if the third party is prepared to accept you > allowing it to access osm.org as valid authentication. Anyway, I did a little bit more research in OAuth and I think that I resolved the most issues I needed. Thanks, Tom, for pointing me out! Have a nice day, jiri _______________________________________________ dev mailing list dev@openstreetmap.org https://lists.openstreetmap.org/listinfo/dev