[OSM-dev] OAuth down

Pierre GIRAUD pierre.giraud at gmail.com
Fri Nov 18 16:59:18 GMT 2011


Oh, thanks !

Giving details on what you did on the tester helped me a lot.
I can confirm that the callback is correctly used.
The difference is that I used to set the callback in the authorize
call. Putting it earlier in request_token request helped me going a
step further.

I still have problems because things now fail on the access_token. I
will dig into it and keep you inform.

Thanks a lot for your help.

Pierre

ps: are you aware that JOSM cannot authenticate using (explicitely)
the OAuth protocol? It does with the basic authentication though.

On Fri, Nov 18, 2011 at 5:16 PM, Tom Hughes <tom at compton.nu> wrote:
> On 17/11/11 22:31, Pierre GIRAUD wrote:
>
>> I suspect something goes wrong in the "oauth1_authorize" method:
>>
>> https://github.com/pelle/oauth-plugin/blob/master/lib/oauth/controllers/provider_controller.rb#L101
>>
>> If I understand correctly, the browser should be redirected to
>> "redirect_url". This "redirect_url" value comes either:
>>  - from the application settings (as set by user when registering the
>> application) if "oob" is given as value for "oauth_callback",
>>  - or, from the "oauth_callback" value set in parameters if not equal to
>> "oob".
>>
>> If "redirect_url" is empty, then "authorize success" is rendered.
>>
>> I'm pretty sure that the latter is the case I'm currently facing.
>>
>> Can someone please confirm I'm right?
>
> That's about right, yes.
>
>> Once again, as a test, you can try to login in
>> http://tasks.hotosm.org, or maybe use this client tester
>> http://term.ie/oauth/example/client.php.
>> I can provide advices on how to use the latter.
>
> Thanks for that link to the client tester. I've just tried that, both
> against my dev server and against the live server, and it both seem to work
> for me. Here's what I did.
>
>  - Registered an application with no callback
>
>  - Used the test client to get a request token against
>    /oauth/request_token?oauth_callback=http://compton.nu/
>
>  - Use the test client to authorize the resulting token
>    against /oauth/authorize
>
> and after authorizing the client on the OSM site I was redirected to
> http://compton.nu/ as expected.
>
> Tom
>
> --
> Tom Hughes (tom at compton.nu)
> http://compton.nu/
>



-- 
-------------------------------------------------------------
  | Pierre GIRAUD
  | http://pierrelebricoleur.blogspot.com
  | http://www.flickr.com/photos/pierregiraud
-------------------------------------------------------------



More information about the dev mailing list