[OSM-dev] OAuth
Tom Hughes
tom at compton.nu
Sat Jun 27 15:17:56 BST 2009
Frederik Ramm wrote:
> Is the application required to keep track of which operations are
> allowed with the token and which aren't? I mean, if I am the application
> and I send my user over to OSM to get permission for reading his
> preferences, and later I want to make an edit in the user's name and try
> to use that same token - will this then simply fail, and would I then
> send the user to OSM again to upgrade the token, or would I get a new
> token then? Or would I always check with OSM first wether what I'm about
> to do is allowed with the token?
Matt knows more about how it all works than me but you will certainly
need to do something to either upgrade or replace the token.
> Has there been any discussion, or even consensus, on the lifetime of
> tokens? Will this be left to the user? Will they be valid until revoked?
They last forever unless explicitly revoked I believe.
Tom
--
Tom Hughes (tom at compton.nu)
http://www.compton.nu/
More information about the dev
mailing list