<p>I think Roland decribed the concept here: <a href="https://lists.openstreetmap.org/pipermail/osmf-talk/2018-October/005323.html" rel="nofollow">https://lists.openstreetmap.org/pipermail/osmf-talk/2018-October/005323.html</a>, and more specifically here: <a href="https://dev.overpass-api.de/misc/authentication.pdf" rel="nofollow">https://dev.overpass-api.de/misc/authentication.pdf</a></p>
<p>I would have preferred a solution based on a more standard solution, like JSON Web Tokens - <a href="https://jwt.io/" rel="nofollow">https://jwt.io/</a> - and assert the origin of the tokens by means of public/private keys only.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/openstreetmap/openstreetmap-website/pull/2145#issuecomment-463976028">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/ABWnLQC2E7YvgB0QcG_saBomwEGmZ5Kjks5vNoQrgaJpZM4a8_uM">mute the thread</a>.<img src="https://github.com/notifications/beacon/ABWnLYdpnV-SFoUxZ47kQRFLgHLEL0Uiks5vNoQrgaJpZM4a8_uM.gif" height="1" width="1" alt="" /></p>
<script type="application/json" data-scope="inboxmarkup">{"api_version":"1.0","publisher":{"api_key":"05dde50f1d1a384dd78767c55493e4bb","name":"GitHub"},"entity":{"external_key":"github/openstreetmap/openstreetmap-website","title":"openstreetmap/openstreetmap-website","subtitle":"GitHub repository","main_image_url":"https://github.githubassets.com/images/email/message_cards/header.png","avatar_image_url":"https://github.githubassets.com/images/email/message_cards/avatar.png","action":{"name":"Open in GitHub","url":"https://github.com/openstreetmap/openstreetmap-website"}},"updates":{"snippets":[{"icon":"PERSON","message":"@mmd-osm in #2145: I think Roland decribed the concept here: https://lists.openstreetmap.org/pipermail/osmf-talk/2018-October/005323.html, and more specifically here: https://dev.overpass-api.de/misc/authentication.pdf\r\n\r\nI would have preferred a solution based on a more standard solution, like JSON Web Tokens - https://jwt.io/ - and assert the origin of the tokens by means of public/private keys only."}],"action":{"name":"View Pull Request","url":"https://github.com/openstreetmap/openstreetmap-website/pull/2145#issuecomment-463976028"}}}</script>
<script type="application/ld+json">[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/openstreetmap/openstreetmap-website/pull/2145#issuecomment-463976028",
"url": "https://github.com/openstreetmap/openstreetmap-website/pull/2145#issuecomment-463976028",
"name": "View Pull Request"
},
"description": "View this Pull Request on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
}
]</script>