[OSM-dev] Using native social SDK for signing in to OSM on mobile

Greg Troxel gdt at ir.bbn.com
Mon Dec 28 18:03:35 UTC 2015


Simon Poole <simon at poole.ch> writes:

> If I understand Ilya correctly what he wants to avoid is (the hassle of)
> the authorisation step when using OAuth. During this process you need to
> login to openstreetmap.org with your credentials and then confirm that
> the app is allowed to access the API on your behalf.
>
> To see what is involved in practical terms you can try to use the HOT
> task manager, maproulette etc (or on a mobile device Vespucci, I assume
> Go Map! uses OAuth too, as any current third party app for OSM should).

Thanks; I am begininng to understand.  I dimly remember that Vespucci
used to store username/paassword, but recently I tried to upload some
changes and had to go through the oauth process.  Other than having to
know my osm password it was quite trivial, requiring typing 'gdt' and
the password and then changing a few checkboxes.   This seems like a
very nice solution and I particularly appreciate the fine-grained
permissions.

> The authorisation is a one time process (per app) and as such I'm not
> quite convinced that the whole discussion isn't a solution looking for a
> problem, but Ilya is correct in that it does involve the hassle of
> people remembering their google/FB/whatever password. Naturally on a
> mobile device you want to minimize typing in any case so I'm mildly in
> support of at least investigating what this would entail (it is unlikely
> that we would use a proprietary solution in Vepsucci though, on other
> devices and with other apps the trade-offs might be different).

The word "social" (that you didn't use :-) seems confounding in this
discussion.

So is the notion:

  One could link some third-party openid/openauth provider to one's OSM
  account, either manually, or because it was used to sign up.

  On a device, one might already be authorized for this third-party
  openauth/openid provider.

  A program that does OSM stuff (Vespucci, OsmAnd, firefox) might then
  authorize to osm.org via this third-party provider, requiring only a
  yes click to an "authorize to osm via foo" popup?

<channeling rms>
That seems harmless enough as long as it doesn't lead to proprietary
software showing up in Free programs,  doesn't result in any data
flowing to those third-party sites for users that don't already have a
relationship with them, and doesn't lead to apps suggesting that people
sign up with these other places.
</>

> The above is a separate but related issue to making the signup process
> "mobile friendly"  see
> https://github.com/openstreetmap/openstreetmap-website/issues/894 for a
> longish discussion.

Thanks for the link.  That mostly makes sense, except for the notion
that Android is unusable without a Google account.  I will agree with
"base Android with google stuff (vs CM) is hostile to those without a
google account" though.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 180 bytes
Desc: not available
URL: <http://lists.openstreetmap.org/pipermail/dev/attachments/20151228/8da86af6/attachment.sig>


More information about the dev mailing list