API authentication doesn't work

[SviMik]

Hi,

What I'm trying to do is OpenStreetCam authentication from http://api.openstreetcam.org/api/doc.html

The request is:

POST /auth/openstreetmap/client_auth HTTP/1.1
Host: openstreetcam.org
Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Content-Length: 108

request_token=PaHRFkWZAZq73lM24Bm5R0vvRebvhQ5tCDDVLoPz&secret_token=P0UR73OcX***redacted***bLltW1Vt3PRgicRVv

The response is:

HTTP/1.1 400 Bad Request
Date: Wed, 24 Jun 2020 01:01:46 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.2.31
Access-Control-Allow-Origin: *
X-Powered-By: PHP/7.2.31
Cache-Control: no-cache
Vary: Accept-Encoding
Content-Length: 127
Content-Type: application/json
Set-Cookie: PHPSESSID=b929fe54afcd061912b50b507fc40a52; expires=Thu, 24-Jun-2021 06:50:32 GMT; Max-Age=31556926; path=/
Connection: close

{"status":{"apiCode":"690","apiMessage":" An unexpected server error has occurred","httpCode":400,"httpMessage":"Bad Request"}}

I've tried to google for examples of "/auth/openstreetmap/client_auth" requests, but the only code I have found is this really old: http://www.java2s.com/example/java-src/pkg/ca/osmcanada/osvuploadr/jpmain-423ea.html I'm not really good at Java, but at first glance everything is same (minus the the domain which isn't openstreetview anymore).

Am I missing something?

[SviMik]

If anyone was looking for doing the same, here are steps that aren't obvious:

1. Use OSC token to authenticate on OSM instead of your own app token
2. Pass oauth_callback to return to your app
3. When oauth_callback is passed, using oauth_verifier becomes mandatory, don't forget to pass it to the access_token request