OAuth 2.0 in JOSM not working: missing client_id

[natrius]

Bug description Opening JOSM, changing OSM-Server to https://api.openhistoricalmap.org/api - validate is OK. Get Token, login in Browser, browser showing error

JOSM has changed, i can now press "authorise now (automatically)" that opens the browser and shows the same error.

When closing

What should be happening? Clicking "Get new Token", logging in in browser in OHM, getting redirected back to browser, start editing.

Versions

• Windows 11 (Tried also yesterday with Windows 10)
• Firefox 131.0.3 (64-bit)
• JOSM 19230 (installed with .msi, not the .jar)

[1ec5]

Thanks for the report. We verified in https://github.com/OpenHistoricalMap/issues/issues/610#issuecomment-2007829916 that OAuth 2 was working, so something might’ve regressed.

i can now press "authorise now (automatically)"

In version 19230 on macOS, the “Authorize now (Fully automatic)” button is always disabled for me, but maybe I’m doing something wrong.

I see this comment from @tsmock back in June that seems to corroborate the report here about client_id. @Rub21, can you verify that the OAuth 2 workflow is still working in production?

[Rub21]

Hey @natrius, thanks for reporting this! Could you try using https://www.openhistoricalmap.org as the OSM Server URL? That should work.

@1ec5 Additionally, the reason it didn’t enable the button is because the URL is hardcoded in the JOSM code here: https://github.com/JOSM/josm/blob/master/src/org/openstreetmap/josm/data/oauth/OAuthParameters.java#L134-L137. So, to enable the button “Authorize now (Fully automatic),” use https://www.openhistoricalmap.org.

[Rub21]

I opened a ticket at https://josm.openstreetmap.de/ticket/23988#ticket. There may be a user with access to the JOSM code code who could help us.

[natrius]

I mean, not hardcoded would be the best, obviously, but it could be enought to write the correct OSM Server-URL there https://wiki.openstreetmap.org/wiki/OpenHistoricalMap/JOSM and https://wiki.openstreetmap.org/wiki/OpenHistoricalMap/JOSM ? In both its https://api.openhistoricalmap.org/api

I will change the api to www and will try again.

[tsmock]

Non-hardcoded would be better, but (AFAIK) there is no "good" way to do the secrets without hardcoding in some manner. Ideally, we could just call an endpoint on the server to get the secret (example: RFC7591).

I could technically put this information in a JSON or XML file and distribute that in the JOSM jar file. This doesn't really have an advantage over hardcoding in source code though.

[Rub21]

I mean, not hardcoded would be the best, obviously, but it could be enought to write the correct OSM Server-URL there

For some reason to enable the button "Authorize now (Fully automatic),” it need to pass the condition in the JOSM code . https://github.com/JOSM/josm/blob/master/src/org/openstreetmap/josm/data/oauth/OAuthParameters.java#L134-L137 ,

[natrius]

Using https://www.openhistoricalmap.org/api btw works and lets me validate through website without error.

I changed the server URL in wiki on

• https://wiki.openstreetmap.org/wiki/OpenHistoricalMap/JOSM
• https://wiki.openstreetmap.org/wiki/OpenHistoricalMap/Contributing

(From my side this issue could be closed now?)

[Rub21]

Nice, closing this ticket here!!

[1ec5]

Ah OK, we added api.openhistoricalmap.org in #719 for consistency with the default api.openstreetmap.org setting. I think I had asked for that because otherwise some JOSM commands like “View changeset in browser” would go to a bogus URL.