<p></p>
<h3 dir="auto">Problem</h3>
<p dir="auto">OAuth 2 does not allow granting permissions partially, which was possible with OAuth 1.0a.</p>
<p dir="auto">This may scare off some privacy / security-aware users from using software that <strong>can</strong> e.g. create notes, upload GPX tracks etc. but doesn't need these permissions when these features are not used.</p>
<h3 dir="auto">Description</h3>
<p dir="auto">Using authorization with OAuth 1.0a, it was possible for users to choose which of the permissions an application requests are granted. Which of these permissions were actually granted then could be queried with <code class="notranslate">/permissions</code> endpoint. This seems to be not possible with OAuth 2.0 scopes anymore.</p>
<p dir="auto">As the author and maintainer of StreetComplete, I actually did get several requests and inquiries why the app needs the "create note" as well as the "read/write gpx tracks" permission.</p>
<p dir="auto">As the latter is only used for a relatively minor and difficult to discover feature, it was made optional following <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1272393277" data-permission-text="Title is private" data-url="https://github.com/streetcomplete/StreetComplete/issues/4122" data-hovercard-type="issue" data-hovercard-url="/streetcomplete/StreetComplete/issues/4122/hovercard" href="https://github.com/streetcomplete/StreetComplete/issues/4122">streetcomplete/StreetComplete#4122</a>. I.e. the user is able to not grant this particular permission and the app would work normally.</p>

<p style="font-size:small;-webkit-text-size-adjust:none;color:#666;">—<br />Reply to this email directly, <a href="https://github.com/openstreetmap/openstreetmap-website/issues/4360">view it on GitHub</a>, or <a href="https://github.com/notifications/unsubscribe-auth/AAK2OLMKIMQUI24DRHSZTYLYFTVO5AVCNFSM6AAAAAA7VAIXTOVHI2DSMVQWIX3LMV43ASLTON2WKOZSGAYDIOBXGU4TOMQ">unsubscribe</a>.<br />You are receiving this because you are subscribed to this thread.<img src="https://github.com/notifications/beacon/AAK2OLLMKBERLFGS42PEDILYFTVO5A5CNFSM6AAAAAA7VAIXTOWGG33NNVSW45C7OR4XAZNFJFZXG5LFVJRW63LNMVXHIX3JMTHHO772YQ.gif" height="1" width="1" alt="" /><span style="color: transparent; font-size: 0; display: none; visibility: hidden; overflow: hidden; opacity: 0; width: 0; height: 0; max-width: 0; max-height: 0; mso-hide: all">Message ID: <span><openstreetmap/openstreetmap-website/issues/4360</span><span>@</span><span>github</span><span>.</span><span>com></span></span></p>
<script type="application/ld+json">[
{
"@context": "http://schema.org",
"@type": "EmailMessage",
"potentialAction": {
"@type": "ViewAction",
"target": "https://github.com/openstreetmap/openstreetmap-website/issues/4360",
"url": "https://github.com/openstreetmap/openstreetmap-website/issues/4360",
"name": "View Issue"
},
"description": "View this Issue on GitHub",
"publisher": {
"@type": "Organization",
"name": "GitHub",
"url": "https://github.com"
}
}
]</script>