
<p></p>

<p>I believe once we have OAuth 2.0 in place, we could validate a token that has been issued by osm.org by calling the <em>introspect</em> endpoint (assuming this will be available in the future).</p>

<p>Here's a quick example for illustration purposes (actual output,, no fake):</p>

<ol>

<li>

<p>Overpass API receives a query with an HTTP Authentication header <code>Bearer ASIKSMtZ67n2d7FaM5pYRQOLkNqZOfaYDQn-aB1OCCE</code></p>

</li>

<li>

<p>Overpass API validates token against oauth introspection endpoint osm.org:</p>

</li>

</ol>

<pre><code>curl -F client_id=zQyq4UbbrCMjShugI1BbYmJ_JQZKnDLj3iZjMVSEB8o -F client_secret=rTDU2cPJ284WL41yYIiPXqzvre2MXjovU3B4WX-zbN4 -F token=ASIKSMtZ67n2d7FaM5pYRQOLkNqZOfaYDQn-aB1OCCE -X POST http://localhost:3000/oauth2/introspect

{"active":true,"scope":"read","client_id":"zQyq4UbbrCMjShugI1BbYmJ_JQZKnDLj3iZjMVSEB8o","token_type":"Bearer","exp":1602439905,"iat":1602432705,"username":"mmd3"}

</code></pre>

<p>In case of an invalid token, the server would return:</p>

<pre><code>{"active":false}

</code></pre>

<p><code>username":"mmd3"</code> is not part of the doorkeeper.rb default, and only added here as an example.</p>

<p>Results could probably be cached for some time to avoid repeatedly calling the osm.org endpoint.</p>

<p>client_id and secret have been defined before in doorkeeper:</p>

<p><a target="_blank" rel="noopener noreferrer" href="https://user-images.githubusercontent.com/5842757/95685188-a3a08b00-0bf6-11eb-8bfe-0221187c1b2a.png"><img src="https://user-images.githubusercontent.com/5842757/95685188-a3a08b00-0bf6-11eb-8bfe-0221187c1b2a.png" alt="Bildschirmfoto von 2020-10-11 19-18-20" style="max-width:100%;"></a></p>


<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />You are receiving this because you are subscribed to this thread.<br />Reply to this email directly, <a href="https://github.com/openstreetmap/openstreetmap-website/pull/2145#issuecomment-706737557">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AAK2OLLZSP725BVHK2Y6SA3SKHSL7ANCNFSM4GXT7OGA">unsubscribe</a>.<img src="https://github.com/notifications/beacon/AAK2OLJOFV24TXR5NZ4GIHDSKHSL7A5CNFSM4GXT7OGKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOFIP7LFI.gif" height="1" width="1" alt="" /></p>

<script type="application/ld+json">[

{

"@context": "http://schema.org",

"@type": "EmailMessage",

"potentialAction": {

"@type": "ViewAction",

"target": "https://github.com/openstreetmap/openstreetmap-website/pull/2145#issuecomment-706737557",

"url": "https://github.com/openstreetmap/openstreetmap-website/pull/2145#issuecomment-706737557",

"name": "View Pull Request"

},

"description": "View this Pull Request on GitHub",

"publisher": {

"@type": "Organization",

"name": "GitHub",

"url": "https://github.com"

}

}

]</script>