[openstreetmap-website] Revoking oauth token (#1150)

Tom Hughes notifications at github.com
Thu Feb 4 14:35:51 UTC 2016


Firstly, why are you generating a new token every time if you've still got a valid token in the database?

Secondly, we provide OAuth so you can authenticate people to perform access on openstreetmap.org not so that you can use our database to authenticate users to your web site, and we do not support such (ab)uses of it.

Thirdly, use the OAuth specification to learn how to use OAuth rather than trying to guess from what our web site code does... For the record the `authenticity_token` is standard parameter that rails attaches to all forms as a security measure but it will be ignored by API methods like that.

---
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/1150#issuecomment-179873631
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20160204/76d92f29/attachment.html>


More information about the rails-dev mailing list