[OSM-dev] OSMand Live can steal your money
Paul Norman
penorman at mac.com
Fri Jan 12 22:32:10 UTC 2018
On 1/12/2018 6:03 AM, Andy Allan wrote:
> In general, I'd like to disable HTTP Basic Auth to our API, and only
> use OAuth. This removes any need to share your OSM password with third
> parties. However, developers often find it easier to build
> integrations using basic auth, so I can imagine some opposition to
> this.
Do we need some terms for the API covering this kind of stuff? Right now
it's not clear that a service that stores your OSM password server-side
is violating anything.
More information about the dev
mailing list