[OSM-dev] Querying OAuth access token permissions
Christoph Bünte
tiny-grasshopper at gmx.net
Fri Apr 20 12:49:19 BST 2012
Am 20.04.2012 um 13:31 schrieb Tom Hughes:
> On 20/04/12 12:13, Christoph Bünte wrote:
>
>> But is there a way to find out if the user which permissions the user actually granted? In particular, we would like to know whether the access token can change the map. We know the recommended way is to just try an API call which requires the specific permission. Our infrastructure queues all changes to the osm data and works it off later to be independent from OSM API status. But when the job is worked off it is too late to tell the user, that permissions are missing.
>
> Not at the moment, but it would be easy enough to add it to the user details API call (/api/0.6/user/details).
It would be very nice to have this feature added. Is there anything we can do to assist? We could try ourselves and send a pull request.
However, the mentioned API call might not be the best place to put it, because:
* You need the permission "Read user preferences" to call it
* The information is not specific to the user, but to the access token
So we think a better solution would be:
* a separate API endpoint e.g. "/api/0.6/permissions", which would returns a list of granted permissions
* or include this information in the OAuth callback response
What do you think about that?
Christoph
More information about the dev
mailing list