
<p></p>

<h3 dir="auto">URL</h3>

<p dir="auto"><a href="https://www.openstreetmap.org/oauth2/authorized_applications" rel="nofollow">https://www.openstreetmap.org/oauth2/authorized_applications</a></p>

<h3 dir="auto">How to reproduce the issue?</h3>

<p dir="auto">Since the "Permissions" column is next to the "Revoke access" button, you'd think those are the permissions that were requested by the client app and granted by the user. But actually they are all possible permissions the app can have, which were specified during the app registration.</p>

<p dir="auto">One way to see this:</p>

<ol dir="auto">

<li>register an app with some permissions</li>

<li>request a token with those permissions</li>

<li>see those permissions appear in the table on <a href="https://www.openstreetmap.org/oauth2/authorized_applications" rel="nofollow">https://www.openstreetmap.org/oauth2/authorized_applications</a></li>

<li>edit the app and add more permissions</li>

<li>see the permissions you've just added also appear in the table</li>

<li>do a token introspection (<code class="notranslate">oauth2/introspect</code>) or osm api permissions check (<a href="https://api.openstreetmap.org/api/0.6/permissions" rel="nofollow">https://api.openstreetmap.org/api/0.6/permissions</a>) and see that you don't have those extra permissions</li>

</ol>

<h3 dir="auto">Screenshot(s) or anything else?</h3>

<p dir="auto"><em>No response</em></p>


<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />Reply to this email directly, <a href="https://github.com/openstreetmap/openstreetmap-website/issues/4124">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AAK2OLO3GD7JS5WSTOI6YRLXS2EZBANCNFSM6AAAAAA25JOFZU">unsubscribe</a>.<br />You are receiving this because you are subscribed to this thread.<img src="https://github.com/notifications/beacon/AAK2OLJVKNEL573OH5JUQI3XS2EZBA5CNFSM6AAAAAA25JOFZWWGG33NNVSW45C7OR4XAZNFJFZXG5LFVJRW63LNMVXHIX3JMTHGZ5IDFI.gif" height="1" width="1" alt="" /><span style="color: transparent; font-size: 0; display: none; visibility: hidden; overflow: hidden; opacity: 0; width: 0; height: 0; max-width: 0; max-height: 0; mso-hide: all">Message ID: <span><openstreetmap/openstreetmap-website/issues/4124</span><span>@</span><span>github</span><span>.</span><span>com></span></span></p>

<script type="application/ld+json">[

{

"@context": "http://schema.org",

"@type": "EmailMessage",

"potentialAction": {

"@type": "ViewAction",

"target": "https://github.com/openstreetmap/openstreetmap-website/issues/4124",

"url": "https://github.com/openstreetmap/openstreetmap-website/issues/4124",

"name": "View Issue"

},

"description": "View this Issue on GitHub",

"publisher": {

"@type": "Organization",

"name": "GitHub",

"url": "https://github.com"

}

}

]</script>