[OSM-dev] Querying OAuth access token permissions
Christoph Bünte
tiny-grasshopper at gmx.net
Fri Apr 20 12:13:52 BST 2012
Hi,
we plan to use OSM to login in users into the wheelmap via OAuth to replace our current email+password login (to make major changes on wheelmap, you have to be an OSM user anyway).
The login flow itself works fine with standard OAuth libraries, and we ask the user grant permission to read user preferences and change the map.
But is there a way to find out if the user which permissions the user actually granted? In particular, we would like to know whether the access token can change the map. We know the recommended way is to just try an API call which requires the specific permission. Our infrastructure queues all changes to the osm data and works it off later to be independent from OSM API status. But when the job is worked off it is too late to tell the user, that permissions are missing.
Is it be possible to
* either add information about granted permissions in the OAuth callback response
* add an API to query the permission for an access token
* find another way to test (during user login) whether an access token may change the map (without actually changing anything)
Best regards
Christoph
--
Christoph Bünte
SOZIALHELDEN e.V.
E-Mail: christoph at sozialhelden.de
Web: http://www.sozialhelden.de
More information about the dev
mailing list