<p dir="auto">Back in <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2058266218" data-permission-text="Title is private" data-url="https://github.com/OpenHistoricalMap/issues/issues/662" data-hovercard-type="issue" data-hovercard-url="/OpenHistoricalMap/issues/issues/662/hovercard" href="https://github.com/OpenHistoricalMap/issues/issues/662">OpenHistoricalMap/issues#662</a>, we've been discussing using osm.org as an identity provider for other sites, such as our dev instances. This should make it easier for our users to try out new features, such as <a href="https://microcosms.apis.dev.openstreetmap.org" rel="nofollow">https://microcosms.apis.dev.openstreetmap.org</a>, without remembering a new user + password for the dev instance.</p>
<p dir="auto">I'm documenting all required steps here. For discussion...</p>
<h3 dir="auto">Add omniauth_openid_connect gem</h3>
<p dir="auto">Link: <a href="https://github.com/omniauth/omniauth_openid_connect">https://github.com/omniauth/omniauth_openid_connect</a></p>
<pre class="notranslate"><code class="notranslate">diff --git a/Gemfile b/Gemfile
index fcf2ceb4d..f3bc8eac9 100644
--- a/Gemfile
+++ b/Gemfile
@@ -83,6 +83,7 @@ gem "omniauth-google-oauth2", ">= 0.6.0"
 gem "omniauth-mediawiki", ">= 0.0.4"
 gem "omniauth-microsoft_graph"
 gem "omniauth-openid"
+gem "omniauth_openid_connect"
 gem "omniauth-rails_csrf_protection", "~> 1.0"
</code></pre>
<h3 dir="auto">Trust osm.org as email provider</h3>
<div class="highlight highlight-source-ruby" dir="auto"><pre class="notranslate"><span class="pl-en">diff</span> --<span class="pl-en">git</span> <span class="pl-en">a</span>/<span class="pl-en">app</span>/<span class="pl-en">controllers</span>/<span class="pl-en">users_controller</span><span class="pl-kos">.</span><span class="pl-en">rb</span> <span class="pl-en">b</span>/<span class="pl-en">app</span>/<span class="pl-en">controllers</span>/<span class="pl-en">users_controller</span><span class="pl-kos">.</span><span class="pl-en">rb</span>
<span class="pl-en">index</span> <span class="pl-c1">0830e51</span><span class="pl-en">d4</span>..<span class="pl-c1">8</span><span class="pl-en">f5485591</span> <span class="pl-c1">100644</span>
--- <span class="pl-en">a</span>/<span class="pl-en">app</span>/<span class="pl-en">controllers</span>/<span class="pl-en">users_controller</span><span class="pl-kos">.</span><span class="pl-en">rb</span>
+++ <span class="pl-en">b</span>/<span class="pl-en">app</span>/<span class="pl-en">controllers</span>/<span class="pl-en">users_controller</span><span class="pl-kos">.</span><span class="pl-en">rb</span>
@@ -<span class="pl-c1">197</span><span class="pl-kos">,</span><span class="pl-c1">7</span> +<span class="pl-c1">197</span><span class="pl-kos">,</span><span class="pl-c1">7</span> @@ <span class="pl-k">class</span> <span class="pl-v">UsersController</span> < <span class="pl-v">ApplicationController</span>
                      <span class="pl-en">when</span> <span class="pl-s">"openid"</span>
                        <span class="pl-en">uid</span><span class="pl-kos">.</span><span class="pl-en">match</span><span class="pl-kos">(</span><span class="pl-sr">%r{https://www.google.com/accounts/o8/id?(.*)}</span><span class="pl-kos">)</span> ||
                        <span class="pl-en">uid</span><span class="pl-kos">.</span><span class="pl-en">match</span><span class="pl-kos">(</span><span class="pl-sr">%r{https://me.yahoo.com/(.*)}</span><span class="pl-kos">)</span>
-                     <span class="pl-en">when</span> <span class="pl-s">"google"</span><span class="pl-kos">,</span> <span class="pl-s">"facebook"</span><span class="pl-kos">,</span> <span class="pl-s">"microsoft"</span><span class="pl-kos">,</span> <span class="pl-s">"github"</span><span class="pl-kos">,</span> <span class="pl-s">"wikipedia"</span>
+                     <span class="pl-en">when</span> <span class="pl-s">"google"</span><span class="pl-kos">,</span> <span class="pl-s">"facebook"</span><span class="pl-kos">,</span> <span class="pl-s">"microsoft"</span><span class="pl-kos">,</span> <span class="pl-s">"github"</span><span class="pl-kos">,</span> <span class="pl-s">"wikipedia"</span><span class="pl-kos">,</span> <span class="pl-s">"openstreetmap"</span>
                        <span class="pl-c1">true</span>
                      <span class="pl-k">else</span>
                        <span class="pl-c1">false</span></pre></div>
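<p dir="auto">Review bot: the new <code>"openstreetmap"</code> entry in this <code>when</code> branch declares the email address returned by the provider as trusted, but the initializer in this proposal requests only the <code>openid</code> scope, so no email claim is delivered and the branch cannot be exercised yet. If the <code>email</code> scope is added later, gate the <code>true</code> on the ID token's <code>email_verified</code> claim (available through the auth hash's raw_info) rather than on the provider name alone, so that an address the provider has not confirmed is not treated as verified.</p>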
<h3 dir="auto">Add osm.org as new OIDC provider</h3>
<ul dir="auto">
<li>Scope is currently set to openid; maybe email would also be possible.</li>
<li>Settings probably need some more fine-tuning.</li>
<li>Redirect URL should point to the respective site, such as microcosms.</li>
</ul>
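<p dir="auto">Added example, not code from this proposal or from openstreetmap-website: how a callback could map the auth hash that omniauth_openid_connect delivers onto a local identity, taking the stable <code>sub</code> claim as the account key and importing an email only when the issuer is trusted, the email scope was actually granted and <code>email_verified</code> is true. The function name <code>oidc_identity</code>, the plain string-keyed hashes standing in for OmniAuth's AuthHash and the two sample logins are all constructed for this illustration.</p>

```ruby
# Added example (not openstreetmap-website code): mapping an OmniAuth
# OpenID Connect auth hash onto a local account. The sample hashes below
# are constructed; a real callback receives an OmniAuth::AuthHash.
require "json"

# Providers whose email claim we are willing to import at all.
EMAIL_TRUSTED_PROVIDERS = %w[google facebook microsoft github wikipedia openstreetmap].freeze

# Returns { :provider, :uid, :display_name, :email } for the given auth hash.
#
# * uid is taken from the "sub" claim: it is the identifier the OIDC spec
#   defines as stable and unique per issuer. preferred_username can be
#   changed by the user and is kept for display only.
# * email is imported only when the issuer is trusted, an address was
#   delivered (email scope granted) and the token marks it as verified.
def oidc_identity(auth)
  provider = auth["provider"].to_s
  raw      = auth.fetch("extra", {}).fetch("raw_info", {})
  info     = auth.fetch("info", {})

  uid = (raw["sub"] || auth["uid"]).to_s
  raise ArgumentError, "ID token without sub claim" if uid.empty?

  email = nil
  if EMAIL_TRUSTED_PROVIDERS.include?(provider) &&
     raw["email_verified"] == true &&
     !info["email"].to_s.empty?
    email = info["email"]
  end

  {
    :provider     => provider,
    :uid          => uid,
    :display_name => raw["preferred_username"] || info["nickname"],
    :email        => email
  }
end

# Constructed sample: a login with scope [:openid] only. "uid" holds the
# preferred_username because that is what uid_field selects in the proposal.
SAMPLE_OPENID_ONLY = {
  "provider" => "openstreetmap",
  "uid"      => "mapper42",
  "info"     => { "nickname" => "mapper42" },
  "extra"    => { "raw_info" => { "sub" => "123456", "preferred_username" => "mapper42" } }
}.freeze

# Constructed sample: the same user after an email scope grant, but the
# provider has not marked the address as verified.
SAMPLE_UNVERIFIED_EMAIL = {
  "provider" => "openstreetmap",
  "uid"      => "mapper42",
  "info"     => { "nickname" => "mapper42", "email" => "mapper42@example.org" },
  "extra"    => { "raw_info" => { "sub" => "123456", "preferred_username" => "mapper42",
                                  "email" => "mapper42@example.org", "email_verified" => false } }
}.freeze

if $PROGRAM_NAME == __FILE__
  puts JSON.pretty_generate(oidc_identity(SAMPLE_OPENID_ONLY))
  puts JSON.pretty_generate(oidc_identity(SAMPLE_UNVERIFIED_EMAIL))
end
```

<p dir="auto">With the first sample the account is keyed on <code>123456</code> and no email is stored; with the second the address is still dropped because <code>email_verified</code> is false, even though the provider is in the trusted list.</p>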
<div class="highlight highlight-source-ruby" dir="auto"><pre class="notranslate"><span class="pl-en">diff</span> --<span class="pl-en">git</span> <span class="pl-en">a</span>/<span class="pl-en">config</span>/<span class="pl-en">initializers</span>/<span class="pl-en">omniauth</span><span class="pl-kos">.</span><span class="pl-en">rb</span> <span class="pl-en">b</span>/<span class="pl-en">config</span>/<span class="pl-en">initializers</span>/<span class="pl-en">omniauth</span><span class="pl-kos">.</span><span class="pl-en">rb</span>
<span class="pl-en">index</span> <span class="pl-en">bce82b3c9</span>..<span class="pl-c1">89702e6</span><span class="pl-en">ae</span> <span class="pl-c1">100644</span>
--- <span class="pl-en">a</span>/<span class="pl-en">config</span>/<span class="pl-en">initializers</span>/<span class="pl-en">omniauth</span><span class="pl-kos">.</span><span class="pl-en">rb</span>
+++ <span class="pl-en">b</span>/<span class="pl-en">config</span>/<span class="pl-en">initializers</span>/<span class="pl-en">omniauth</span><span class="pl-kos">.</span><span class="pl-en">rb</span>
@@ -<span class="pl-c1">27</span><span class="pl-kos">,</span><span class="pl-c1">11</span> +<span class="pl-c1">27</span><span class="pl-kos">,</span><span class="pl-c1">26</span> @@ <span class="pl-en">facebook_options</span> <span class="pl-c1">=</span> <span class="pl-kos">{</span> <span class="pl-pds">:name</span> <span class="pl-c1">=></span> <span class="pl-s">"facebook"</span><span class="pl-kos">,</span> <span class="pl-pds">:scope</span> <span class="pl-c1">=></span> <span class="pl-s">"email"</span><span class="pl-kos">,</span> <span class="pl-pds">:client_options</span> <span class="pl-c1">=></span>
 <span class="pl-en">microsoft_options</span> <span class="pl-c1">=</span> <span class="pl-kos">{</span> <span class="pl-pds">:name</span> <span class="pl-c1">=></span> <span class="pl-s">"microsoft"</span><span class="pl-kos">,</span> <span class="pl-pds">:scope</span> <span class="pl-c1">=></span> <span class="pl-s">"openid User.Read"</span> <span class="pl-kos">}</span>
 <span class="pl-en">github_options</span> <span class="pl-c1">=</span> <span class="pl-kos">{</span> <span class="pl-pds">:name</span> <span class="pl-c1">=></span> <span class="pl-s">"github"</span><span class="pl-kos">,</span> <span class="pl-pds">:scope</span> <span class="pl-c1">=></span> <span class="pl-s">"user:email"</span> <span class="pl-kos">}</span>
 <span class="pl-en">wikipedia_options</span> <span class="pl-c1">=</span> <span class="pl-kos">{</span> <span class="pl-pds">:name</span> <span class="pl-c1">=></span> <span class="pl-s">"wikipedia"</span><span class="pl-kos">,</span> <span class="pl-pds">:client_options</span> <span class="pl-c1">=></span> <span class="pl-kos">{</span> <span class="pl-pds">:site</span> <span class="pl-c1">=></span> <span class="pl-s">"https://meta.wikimedia.org"</span> <span class="pl-kos">}</span> <span class="pl-kos">}</span>
+<span class="pl-en">osm_oidc_options</span> <span class="pl-c1">=</span> <span class="pl-kos">{</span> <span class="pl-pds">:name</span> <span class="pl-c1">=></span> <span class="pl-pds">:openstreetmap</span><span class="pl-kos">,</span>
+                     <span class="pl-pds">:scope</span> <span class="pl-c1">=></span> <span class="pl-kos">[</span><span class="pl-pds">:openid</span><span class="pl-kos">]</span><span class="pl-kos">,</span>
+                     <span class="pl-pds">:issuer</span> <span class="pl-c1">=></span> <span class="pl-s">"https://www.openstreetmap.org"</span><span class="pl-kos">,</span>
+                     <span class="pl-pds">:discovery</span> <span class="pl-c1">=></span> <span class="pl-c1">true</span><span class="pl-kos">,</span>
+                     <span class="pl-pds">:response_type</span> <span class="pl-c1">=></span> <span class="pl-pds">:code</span><span class="pl-kos">,</span>
+                     <span class="pl-pds">:uid_field</span> <span class="pl-c1">=></span> <span class="pl-s">"preferred_username"</span><span class="pl-kos">,</span>
+                     <span class="pl-pds">:client_options</span> <span class="pl-c1">=></span> <span class="pl-kos">{</span>
+                       <span class="pl-pds">:port</span> <span class="pl-c1">=></span> <span class="pl-c1">443</span><span class="pl-kos">,</span>
+                       <span class="pl-pds">:scheme</span> <span class="pl-c1">=></span> <span class="pl-s">"https"</span><span class="pl-kos">,</span>
+                       <span class="pl-pds">:host</span> <span class="pl-c1">=></span> <span class="pl-s">"www.openstreetmap.org"</span><span class="pl-kos">,</span>
+                       <span class="pl-pds">:identifier</span> <span class="pl-c1">=></span> <span class="pl-v">Settings</span><span class="pl-kos">.</span><span class="pl-en">openstreetmap_auth_id</span><span class="pl-kos">,</span>
+                       <span class="pl-pds">:secret</span> <span class="pl-c1">=></span> <span class="pl-v">Settings</span><span class="pl-kos">.</span><span class="pl-en">openstreetmap_auth_secret</span><span class="pl-kos">,</span>
+                       <span class="pl-pds">:redirect_uri</span> <span class="pl-c1">=></span> <span class="pl-s">"http://127.0.0.1:3000/auth/openstreetmap/callback"</span>
+<span class="pl-en"></span>                     <span class="pl-kos">}</span> <span class="pl-kos">}</span>
 
 <span class="pl-en">google_options</span><span class="pl-kos">[</span><span class="pl-pds">:openid_realm</span><span class="pl-kos">]</span> <span class="pl-c1">=</span> <span class="pl-v">Settings</span><span class="pl-kos">.</span><span class="pl-en">google_openid_realm</span> <span class="pl-en">if</span> <span class="pl-v">Settings</span><span class="pl-kos">.</span><span class="pl-en">key?</span><span class="pl-kos">(</span><span class="pl-pds">:google_openid_realm</span><span class="pl-kos">)</span>
 
 <span class="pl-v">Rails</span><span class="pl-kos">.</span><span class="pl-en">application</span><span class="pl-kos">.</span><span class="pl-en">config</span><span class="pl-kos">.</span><span class="pl-en">middleware</span><span class="pl-kos">.</span><span class="pl-en">use</span> <span class="pl-v">OmniAuth</span>::<span class="pl-v">Builder</span> <span class="pl-k">do</span>
   <span class="pl-en">provider</span> <span class="pl-pds">:openid</span><span class="pl-kos">,</span> <span class="pl-en">openid_options</span>
+  <span class="pl-en">provider</span> <span class="pl-pds">:openid_connect</span><span class="pl-kos">,</span> <span class="pl-en">osm_oidc_options</span>
   <span class="pl-en">provider</span> <span class="pl-pds">:google_oauth2</span><span class="pl-kos">,</span> <span class="pl-v">Settings</span><span class="pl-kos">.</span><span class="pl-en">google_auth_id</span><span class="pl-kos">,</span> <span class="pl-v">Settings</span><span class="pl-kos">.</span><span class="pl-en">google_auth_secret</span><span class="pl-kos">,</span> <span class="pl-en">google_options</span> <span class="pl-k">if</span> <span class="pl-v">Settings</span><span class="pl-kos">.</span><span class="pl-en">key?</span><span class="pl-kos">(</span><span class="pl-pds">:google_auth_id</span><span class="pl-kos">)</span>
   <span class="pl-en">provider</span> <span class="pl-pds">:facebook</span><span class="pl-kos">,</span> <span class="pl-v">Settings</span><span class="pl-kos">.</span><span class="pl-en">facebook_auth_id</span><span class="pl-kos">,</span> <span class="pl-v">Settings</span><span class="pl-kos">.</span><span class="pl-en">facebook_auth_secret</span><span class="pl-kos">,</span> <span class="pl-en">facebook_options</span> <span class="pl-k">if</span> <span class="pl-v">Settings</span><span class="pl-kos">.</span><span class="pl-en">key?</span><span class="pl-kos">(</span><span class="pl-pds">:facebook_auth_id</span><span class="pl-kos">)</span>
   <span class="pl-en">provider</span> <span class="pl-pds">:microsoft_graph</span><span class="pl-kos">,</span> <span class="pl-v">Settings</span><span class="pl-kos">.</span><span class="pl-en">microsoft_auth_id</span><span class="pl-kos">,</span> <span class="pl-v">Settings</span><span class="pl-kos">.</span><span class="pl-en">microsoft_auth_secret</span><span class="pl-kos">,</span> <span class="pl-en">microsoft_options</span> <span class="pl-k">if</span> <span class="pl-v">Settings</span><span class="pl-kos">.</span><span class="pl-en">key?</span><span class="pl-kos">(</span><span class="pl-pds">:microsoft_auth_id</span><span class="pl-kos">)</span></pre></div>
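<p dir="auto">Review bot: <code>provider :openid_connect, osm_oidc_options</code> is registered unconditionally while the neighbouring providers are guarded by <code>if Settings.key?(...)</code>; add <code>if Settings.key?(:openstreetmap_auth_id)</code> so instances without credentials do not load a provider whose identifier and secret are nil. Two further points in the options hash: <code>:redirect_uri => "http://127.0.0.1:3000/auth/openstreetmap/callback"</code> is hard-coded to the development host, so every deployment would send the same loopback URI; derive it from the site's server URL so it matches the callback registered for that site (the bullet above already notes this). And <code>:uid_field => "preferred_username"</code> keys the local account on the OSM display name, which users can change and which the OpenID Connect spec says relying parties must not rely on being unique; use <code>sub</code> as the uid and keep preferred_username for display only.</p>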
<h3 dir="auto">Updated translations</h3>
<pre class="notranslate"><code class="notranslate">diff --git a/config/locales/en.yml b/config/locales/en.yml
index ac41952c7..08d3a6942 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -223,6 +223,7 @@ en:
       microsoft: Microsoft
       github: GitHub
       wikipedia: Wikipedia
+      openstreetmap: OpenStreetMap
   api:
     notes:
       comment:
@@ -2612,6 +2613,9 @@ en:
       wikipedia:
         title: Log in with Wikipedia
         alt: Wikipedia logo
+      openstreetmap:
+        title: Log in with OpenStreetMap
+        alt: OpenStreetMap logo
   oauth:
     authorize:
       title: "Authorize access to your account"
</code></pre>
<h3 dir="auto">Default settings.yml</h3>
<pre class="notranslate"><code class="notranslate">diff --git a/config/settings.yml b/config/settings.yml
index 71df9ad3d..bd4665381 100644
--- a/config/settings.yml
+++ b/config/settings.yml
@@ -143,6 +143,8 @@ fossgis_valhalla_url: "https://valhalla1.openstreetmap.de/route"
 #microsoft_auth_secret: ""
 #wikipedia_auth_id: ""
 #wikipedia_auth_secret: ""
+#openstreetmap_auth_id: ""
+#openstreetmap_auth_secret: ""
 # Thunderforest authentication details
 #thunderforest_key: ""
 # Tracestrack authentication details
</code></pre>
<h3 dir="auto">Provider list updated</h3>
<div class="highlight highlight-source-ruby" dir="auto"><pre class="notranslate"><span class="pl-en">diff</span> --<span class="pl-en">git</span> <span class="pl-en">a</span>/<span class="pl-en">lib</span>/<span class="pl-en">auth</span><span class="pl-kos">.</span><span class="pl-en">rb</span> <span class="pl-en">b</span>/<span class="pl-en">lib</span>/<span class="pl-en">auth</span><span class="pl-kos">.</span><span class="pl-en">rb</span>
<span class="pl-en">index</span> <span class="pl-c1">729772477</span>..<span class="pl-en">f89cdf38f</span> <span class="pl-c1">100644</span>
--- <span class="pl-en">a</span>/<span class="pl-en">lib</span>/<span class="pl-en">auth</span><span class="pl-kos">.</span><span class="pl-en">rb</span>
+++ <span class="pl-en">b</span>/<span class="pl-en">lib</span>/<span class="pl-en">auth</span><span class="pl-kos">.</span><span class="pl-en">rb</span>
@@ -<span class="pl-c1">10</span><span class="pl-kos">,</span><span class="pl-c1">6</span> +<span class="pl-c1">10</span><span class="pl-kos">,</span><span class="pl-c1">7</span> @@ <span class="pl-k">module</span> <span class="pl-v">Auth</span>
       <span class="pl-en">providers</span><span class="pl-kos">[</span><span class="pl-v">I18n</span><span class="pl-kos">.</span><span class="pl-en">t</span><span class="pl-kos">(</span><span class="pl-s">"auth.providers.microsoft"</span><span class="pl-kos">)</span><span class="pl-kos">]</span> <span class="pl-c1">=</span> <span class="pl-s">"microsoft"</span> <span class="pl-k">if</span> <span class="pl-v">Settings</span><span class="pl-kos">.</span><span class="pl-en">key?</span><span class="pl-kos">(</span><span class="pl-pds">:microsoft_auth_id</span><span class="pl-kos">)</span>
       <span class="pl-en">providers</span><span class="pl-kos">[</span><span class="pl-v">I18n</span><span class="pl-kos">.</span><span class="pl-en">t</span><span class="pl-kos">(</span><span class="pl-s">"auth.providers.github"</span><span class="pl-kos">)</span><span class="pl-kos">]</span> <span class="pl-c1">=</span> <span class="pl-s">"github"</span> <span class="pl-k">if</span> <span class="pl-v">Settings</span><span class="pl-kos">.</span><span class="pl-en">key?</span><span class="pl-kos">(</span><span class="pl-pds">:github_auth_id</span><span class="pl-kos">)</span>
       <span class="pl-en">providers</span><span class="pl-kos">[</span><span class="pl-v">I18n</span><span class="pl-kos">.</span><span class="pl-en">t</span><span class="pl-kos">(</span><span class="pl-s">"auth.providers.wikipedia"</span><span class="pl-kos">)</span><span class="pl-kos">]</span> <span class="pl-c1">=</span> <span class="pl-s">"wikipedia"</span> <span class="pl-k">if</span> <span class="pl-v">Settings</span><span class="pl-kos">.</span><span class="pl-en">key?</span><span class="pl-kos">(</span><span class="pl-pds">:wikipedia_auth_id</span><span class="pl-kos">)</span>
+      <span class="pl-en">providers</span><span class="pl-kos">[</span><span class="pl-v">I18n</span><span class="pl-kos">.</span><span class="pl-en">t</span><span class="pl-kos">(</span><span class="pl-s">"auth.providers.openstreetmap"</span><span class="pl-kos">)</span><span class="pl-kos">]</span> <span class="pl-c1">=</span> <span class="pl-s">"openstreetmap"</span> <span class="pl-k">if</span> <span class="pl-v">Settings</span><span class="pl-kos">.</span><span class="pl-en">key?</span><span class="pl-kos">(</span><span class="pl-pds">:openstreetmap_auth_id</span><span class="pl-kos">)</span>
     <span class="pl-k">end</span><span class="pl-kos">.</span><span class="pl-en">freeze</span>
   <span class="pl-en">end</span>
 <span class="pl-en">end</span></pre></div>
<h3 dir="auto">Copy /app/assets/images/osm_logo.svg to /app/assets/images/auth_providers/openstreetmap.svg</h3>
<h3 dir="auto">Register new oauth2 application on osm.org with</h3>
<ul dir="auto">
<li>Redirect URIs: <code class="notranslate">http://127.0.0.1:3000/auth/openstreetmap/callback</code><br>
(this could include many different URLs, such as <a href="https://microcosms.apis.dev.openstreetmap.org/auth/openstreetmap/callback" rel="nofollow">https://microcosms.apis.dev.openstreetmap.org/auth/openstreetmap/callback</a>)</li>
</ul>
<p dir="auto">Permissions:  Sign-in using OpenStreetMap (openid)</p>
<p dir="auto">Confidential application</p>
<h3 dir="auto">Copy client id + secret to settings.local.yml on microcosms rails instance</h3>
<pre class="notranslate"><code class="notranslate">openstreetmap_auth_id: "1SDBnVj815zwFN6cV70TiQlC50...."
openstreetmap_auth_secret: "R3TWRC9GdxzQTHWvspugOc..."
</code></pre>
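<p dir="auto">Added example, not code from this proposal or from openstreetmap-website: a check that the callback URL a given site will send as <code>redirect_uri</code> is exactly one of the redirect URIs registered for the OAuth2 application, and that it uses https anywhere other than loopback. The function names, the <code>REGISTERED_REDIRECT_URIS</code> list (built from the two URIs mentioned in the registration step) and the sample sites are constructed for this illustration.</p>

```ruby
# Added example (not openstreetmap-website code): validating a site's OAuth2
# callback against the redirect URIs registered on the provider side.
require "uri"

# Constructed list: the two redirect URIs named in the registration step.
REGISTERED_REDIRECT_URIS = [
  "http://127.0.0.1:3000/auth/openstreetmap/callback",
  "https://microcosms.apis.dev.openstreetmap.org/auth/openstreetmap/callback"
].freeze

# The callback a site should configure, derived from its own server URL
# rather than hard-coded, so that each dev instance sends its own URI.
def callback_uri_for(server_url, provider = "openstreetmap")
  base = server_url.to_s.chomp("/")
  "#{base}/auth/#{provider}/callback"
end

# Loopback is the only place where plain http is acceptable.
def loopback?(uri)
  %w[127.0.0.1 localhost ::1].include?(uri.host)
end

# Exact string comparison, as OAuth 2.0 security guidance requires for
# redirect URIs: no prefix matching and no host-only matching.
# Returns a list of problems; empty means the URI is acceptable.
def redirect_uri_problems(candidate, registered = REGISTERED_REDIRECT_URIS)
  uri = begin
    URI.parse(candidate)
  rescue URI::InvalidURIError
    return ["not a valid URI"]
  end

  problems = []
  problems << "scheme must be https outside loopback" unless uri.scheme == "https" || loopback?(uri)
  problems << "fragment is not allowed in a redirect URI" if uri.fragment
  problems << "not an exact match for a registered redirect URI" unless registered.include?(candidate)
  problems
end

def redirect_uri_allowed?(candidate, registered = REGISTERED_REDIRECT_URIS)
  redirect_uri_problems(candidate, registered).empty?
end

if $PROGRAM_NAME == __FILE__
  # Constructed sample sites: one registered, one registered but over http,
  # one never registered.
  ["https://microcosms.apis.dev.openstreetmap.org",
   "http://microcosms.apis.dev.openstreetmap.org",
   "https://other.example.org"].each do |site|
    cb = callback_uri_for(site)
    puts "#{cb}: #{redirect_uri_problems(cb).inspect}"
  end
end
```

<p dir="auto">The check is deliberately strict: a path suffix, a different scheme or a fragment on an otherwise registered URI is rejected, which is what the provider will do as well, so running it against each site's settings before registering the application avoids callback mismatches at login time.</p>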
<h3 dir="auto">Screenshots</h3>
<p dir="auto"><a href="https://github.com/user-attachments/assets/c2c3a147-6b92-4cf4-8cc7-c6e0b7a770ec">image.png (view on web)</a></p>
<p dir="auto">Email and display name are not taken over. I don't have admin permission on osm.org to define an OAuth2 app with email reading permissions. Maybe this would also work out of the box.</p>
<p dir="auto">Most importantly, users don't have to remember a separate logon + password for the dev instance, they can simply click on the "Log on with OpenStreetMap" button.</p>
<p dir="auto"><a href="https://github.com/user-attachments/assets/72591966-a470-4357-8d25-c37c2c06817f">image.png (view on web)</a></p>
