[OSM-dev] Changeset Revert Tool

Matt Amos zerebubuth at gmail.com
Thu Apr 23 11:20:41 BST 2009

On Wed, Apr 22, 2009 at 7:43 AM, Frederik Ramm <frederik at remote.org> wrote:
> Something like
> * user tells application "please revert changeset"
> * application redirects user to API
> * API tells user "please authenticate for application X"
> * user enters credentials
> * API redirects user back to application, with magic token
> * application makes API requests using magic token
> I don't know how far existing technologies can be used to achieve this;
> I believe OpenAuth only goes so far as to tell the application "yes,
> that guy really is user abc123 at my site", it doesn't do the second bit.

OAuth does the second bit too. :-)

we can certainly limit the scope of the OAuth token to a particular
changeset, or to particular API calls, allowing users pretty
fine-grained control over what 3rd party apps are allowed to do on
their behalf.



More information about the dev mailing list