[openstreetmap-website] Revoking oauth token (#1150)
Pavel ZbytovskĂ˝
notifications at github.com
Thu Feb 4 14:25:41 UTC 2016
Hi,
we are using oauth as a login method at www.openstreetmap.cz, but there is an issue -> every time user logs in a new "Oauth access token" is created.
When I obtain a valid access token (oauth_token + oauth_token_secret), i would need to revoke the old pair i saved in the database. (Alternative would be to revoke the newly obtained and use the old one)
On the OSM website there is a resource `POST https://www.openstreetmap.org/oauth/revoke` which is invoked as a form submit - with:
```
utf8=%E2%9C%93
&authenticity_token=...
&token=...&commit=Odvolat%21
```
I know the token, but **how to construct the authenticity_token**?
-----------------
btw, I tried POSTing to this resource the same way I request api, but it responds with 403.
```php
$this->oauth->fetch('https://www.openstreetmap.org/oauth/revoke', [
'token' => $this->getSession('oauth')->token
], OAUTH_HTTP_METHOD_POST);
```
Also i tried to find in this repo, where is the authenticity_token constructed, but didnt find it.
Thanks for help from czech community :-)
---
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/1150
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20160204/555ed06f/attachment.html>
More information about the rails-dev
mailing list