[openstreetmap/openstreetmap-website] blocks with needs_view flag not shown when user does oauth authorisation (for example login into an OSM editor) (Issue #5490)
Anton Khorev
notifications at github.com
Mon Jan 13 13:14:24 UTC 2025
> I know, that is why I specifically put "reasonable" filter word. I know about workarounds like showing 403 response message and about [streetcomplete/StreetComplete#6062 (comment)](https://github.com/streetcomplete/StreetComplete/issues/6062#issuecomment-2565450817)
Deleting the token is a workaround. This workaround is not going to work for non-needs_view blocks. You're not even asking to make it work for non-needs_view blocks.
Sending the user to `/login?referer=%2Fuser%2Fusername%2Fblocks` is a workaround that somewhat works for non-needs_view blocks too and is not affected by GDPR. (*)
Don't care about non-needs_view blocks and want a simpler workaround? Send users to `/login`. (**)
But what if the token is actually invalid? Isn't it useless to do (*) or (**) in this case? You can check the token at `/oauth2/introspect`, hopefully a *reasonable* endpoint to check tokens that works even for blocked users. Again, deleting a valid token and sending the user to get a new one because you want the side-effect of them also seeing the block message is a workaround.
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/5490#issuecomment-2587074465
You are receiving this because you are subscribed to this thread.
Message ID: <openstreetmap/openstreetmap-website/issues/5490/2587074465 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20250113/7227c38e/attachment.htm>
More information about the rails-dev
mailing list