[openstreetmap-website] Revoking oauth token (#1150)
Pavel ZbytovskĂ˝
notifications at github.com
Fri Feb 5 10:41:56 UTC 2016
Hello Tom,
firstly, thanks for replying. I havent probably expressed myself correctly, let me explain.
- We need users to autheticate to www.openstreetmap.cz website, because we are building a POI edit tool (see [demo](http://openstreetmap.cz/#map=15/50.1075/14.2754&layers=A)). And in order to let users commit changesets to OSM, we need the access token. Also in near future, we would like to launch our own iD instance with some additional features.
I save the token to the database - but once the user lost his cookie, I dont have any other means of identification. Would you agree, that forcing him to create specific set of login/password for our website is really unfriendly?
So everything works just fine, with the issue that every time user forgots his cookie, i request a new token. (btw, same issues goes for this project as well https://github.com/osmlab/osm-auth)
Thanks for pointing me to the specs, I found it before as well. But token revocation was introduced in OAuth2.0 - but osm.org uses OAuth1.0. So i guessed that maybe you implemented the token-revocation endpoint in current website. Thats why i was trying to call it. But when i call it - i get status 403 .
Regarding the fact the revocation endpoint already exist (only for ruby in-app requests), would you mind to allow accessing it with valid oauth token as well?
---
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/1150#issuecomment-180289642
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20160205/90286e86/attachment.html>
More information about the rails-dev
mailing list