[OSM-dev] OAuth

Frederik Ramm frederik at remote.org
Sat Jun 27 14:04:50 BST 2009


Hi,

Tom Hughes wrote:
>> * allow third party applications to identify an OSM user so that they 
>> can, for example, store local preferences under that username?
> 
> I'm not sure what you mean by "identify" in this context, but one of the 
> permissions an application can ask for is the ability to read and/or 
> write to a users preferences (read and write are separate permissions).

I would want a third-party application to know that whoever they are 
talking to is the OSM user so-and-so, that's all - so that the 
application can e.g. save application-local preferences for that user 
without having to use an extra login/password to that site.

> OAuth is not about providing third party authentication 

I know but it can be a useful side effect, can it not? Or does the 
protocol not hand out the username - would I have to ask for edit 
permission, then write a new node somewhere using the token I got, then 
use an API read request to know the user name ;-)?

> The permissions currently implemented are:
> 
>   - Read preferences
>   - Write preferences
>   - Create diary entries and comments and add new friends
>   - Make edits using the API
>   - Read the users GPX traces, including private ones
>   - Add new GPX traces

Very good, and already much more than I had expected.

> One thing I'm interested in peoples thoughts on is the third of those 
> which covers several different things - would those be better split up?

Personally I don't think that we even need that much granularity but if 
it doesn't hurt to provide it, I'm sure someone will have use for it.

Bye
Frederik





More information about the dev mailing list