Timestamp:
2024-02-21T21:26:18+01:00
Author:
taylor.smock
Message:

Fix #22810: OSM OAuth 1.0a/Basic auth deprecation and removal

As of 2024-02-15, something changed in the OSM server configuration. This broke
our OAuth 1.0a implementation (see #23475). As such, we are removing OAuth 1.0a
from JOSM now instead of when the OSM server removes support in June 2024.

For third-party OpenStreetMap servers, the Basic Authentication method has been
kept. However, they should be made aware that it may be removed if a non-trivial
bug occurs with it. We highly recommend that the third-party servers update to
the current OpenStreetMap website implementation (if only for their own security).

Failing that, the third-party server can implement RFC8414. As of this commit,
we currently use the authorization_endpoint and token_endpoint fields.
To check and see if their third-party server implements RFC8414, they can go
to <server host>/.well-known/oauth-authorization-server.

Prominent third-party OpenStreetMap servers may give us a client id for their
specific server. That client id may be added to the hard-coded client id list
at maintainer discretion. At a minimum, the server must be publicly
available and have a significant user base.
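
The RFC 8414 check described in the commit message, written out as an added example (not part of the commit or of JOSM): it validates a metadata document for the two fields the message names, plus the issuer match from RFC 8414 section 3.3. The host `osm.example` and both sample documents are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/oauth-authorization-server"
# The two metadata fields the commit message says are used.
USED_FIELDS = ("authorization_endpoint", "token_endpoint")

def metadata_url(server: str) -> str:
    """Build the metadata URL for a server base URL that has no path component."""
    parts = urlsplit(server)
    return f"{parts.scheme}://{parts.netloc}{WELL_KNOWN}"

def check_metadata(server: str, body: str) -> list[str]:
    """Return the problems found in a metadata response body; empty means usable."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as exc:
        return [f"not JSON: {exc.msg}"]
    if not isinstance(doc, dict):
        return ["top-level value is not a JSON object"]
    problems = []
    # RFC 8414 section 3.3: the issuer must be identical to the identifier
    # the metadata URL was derived from, otherwise the document is not trusted.
    if doc.get("issuer") != server:
        problems.append(f"issuer {doc.get('issuer')!r} does not match {server!r}")
    for field in USED_FIELDS:
        value = doc.get(field)
        if not isinstance(value, str):
            problems.append(f"{field} missing")
            continue
        url = urlsplit(value)
        # RFC 6749 requires TLS on both endpoints and forbids a fragment.
        if url.scheme != "https" or not url.netloc:
            problems.append(f"{field} is not an absolute https URL: {value}")
        elif url.fragment:
            problems.append(f"{field} contains a fragment: {value}")
    return problems

# Constructed sample responses for a hypothetical server https://osm.example
GOOD = json.dumps({
    "issuer": "https://osm.example",
    "authorization_endpoint": "https://osm.example/oauth2/authorize",
    "token_endpoint": "https://osm.example/oauth2/token",
})
BAD = json.dumps({
    "issuer": "https://other.example",
    "authorization_endpoint": "http://osm.example/oauth2/authorize",
})

if __name__ == "__main__":
    print(metadata_url("https://osm.example"))
    for name, body in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_metadata("https://osm.example", body) or "ok")
```
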

File:
1 edited

  • trunk/src/org/openstreetmap/josm/io/MessageNotifier.java

    r18650 r18991  
    145145            try {
    146146                if (JosmPreferencesCredentialAgent.class.equals(credManager.getCredentialsAgentClass())) {
    147                     if (OsmApi.isUsingOAuth(OAuthVersion.OAuth10a)) {
    148                         return credManager.lookupOAuthAccessToken() != null;
    149                     } else if (OsmApi.isUsingOAuth(OAuthVersion.OAuth20) || OsmApi.isUsingOAuth(OAuthVersion.OAuth21)) {
     147                    if (OsmApi.isUsingOAuth(OAuthVersion.OAuth20) || OsmApi.isUsingOAuth(OAuthVersion.OAuth21)) {
    150148                        return credManager.lookupOAuthAccessToken(OsmApi.getOsmApi().getHost()) != null;
    151149                    } else if (OsmApi.isUsingOAuth()) {
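Review bot: a configuration that still reports `OAuthVersion.OAuth10a` is no longer matched by any condition visible in this hunk, so with old lines 147-148 removed it skips the first test and lands in the generic `else if (OsmApi.isUsingOAuth())` at new line 149, whose body is not shown. Please confirm that branch fails closed (returns false) for a leftover 1.0a setting rather than throwing inside this `try`, and add a short comment saying so. The no-argument `credManager.lookupOAuthAccessToken()` loses a caller here; if this was its last use, it should be removed along with the rest of the 1.0a code.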