OAuth 2.0

[pnorman]

OSM is deprecating OAuth 1.0a and HTTP Basic Auth.

Your application was identified as making HTTP Basic Auth calls, which will stop working later this year. We are still working out a precise timeline.

[Zaczero]

I don't understand why would such a simple script application require use of Authorization Flows. I believe OAuth 2.0 is not a feasible authorization alternative for this kind of project. A PAT tokens system would be a much better alternative and could be based on the OAuth 2.0 in the backend for reduced code burden.

[westnordost]

With all due respect, do not shit in my issue tracker. I find it presumptuous that you find it necessary to protest on my behalf of what is none of your business.

[westnordost]

Well, I think I could remove auth altogether, as it is only making public calls and it doesn't seem to be realistic that these API calls will be made into API calls that can only be done with a logged in user only anytime soon.

[mmd-osm]

It seems EWG is starting a new attempt at the GDPR topic. Some of the map notes API endpoints are currently listed as "disallow call" (https://wiki.openstreetmap.org/wiki/GDPR/Affected_Services), i.e. you would need some sort of authentication to call these endpoints, once this gets implemented.

I'm not exactly clear if EWG will make much progress on this topic in 2024. Maybe you could keep an eye on what they're planning.

[westnordost]

Hmm, thanks. Maybe I'll then just get an access token manually and put it into the conf of that script

[Zaczero]

@westnordost I only replied because I always thought streetcomplete is a community project. Now I'll remember that it is just "your" project. Cheers.

[matkoniecz]

I think I could remove auth altogether, as it is only making public calls

In my experience not authenticated calls are getting throttled far faster than authenticated calls, so doing read only calls on larger scale still does need this.

I am not entirely sure about this, not checked code, but it seemed a clear pattern to me.

[westnordost]

Hey, what are you doing? Didn't you see that the issue is closed?

El 21 de enero de 2024 7:41:06 CET, Mateusz Konieczny @.***> escribió:

I think I could remove auth altogether, as it is only making public calls

In my experience not authenticated calls are getting throttled far faster than authenticated calls, so doing read only calls on larger scale still does need this.

-- Reply to this email directly or view it on GitHub: https://github.com/streetcomplete/sc-photo-service/issues/12#issuecomment-1902531419 You are receiving this because you modified the open/close state.

Message ID: @.***>