[openstreetmap/openstreetmap-website] API key dispenser (#2145)

Sun Oct 11 17:49:15 UTC 2020

Yes, Overpass could use that token to query the user details endpoint (see screenshot below).

The only difference I see is that Overpass wouldn't be able to figure out, if the token has been requested for an entirely different app, and just passed on to Overpass. In case of the introspection endpoint, you could ensure that the token matches the application that has been registered before for Overpass purposes. I think that was one of the assumptions Roland made, hence I included it in my example.

![Bildschirmfoto von 2020-10-11 19-40-03](https://user-images.githubusercontent.com/5842757/95685682-af418100-0bf9-11eb-97df-ec225ae93b14.png)

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/2145#issuecomment-706741210
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20201011/05df55b0/attachment.htm>