Develop/Single sign on

From OpenStreetMap Wiki
Jump to: navigation, search

The OpenStreetMap project would ideally support single sign on across the editing interface, the wiki, and the other systems. Several different types of Accounts are in use. Unification of the logins/accounts would, of course, be a good idea. It has been discussed before, but it's a bit of development effort which hasn't happened yet. There are also complications around policies for changing user name.

A basic discussion of what is involved in any single sign-on scheme, technically, is here:

People involved

It would be nice to have a list of persons who are actively working on this issue and what they are doing. Perhaps you should also make a note at the general People involved Page


For a list of services look at the Account page.



One proposal was to make everything support OpenID. This could run alongside, as an alternative login mechanism for people who want single sign on.

Some installation effort, but zero development effort!

(google for OpenID discussions)

Full on integration

All methods of the OSM Protocol require the basic HTTP authentication i.e. username & password are sent (unencrypted) in the request header for every request. See HTTP Protocol Specification#HTTP-Authentication for more detail.

You can try this out with your browser by calling the user/details method

Some original notes by Rickm and Dee who were originally planning something:

Set up single sign on, base table in OSM

Leaves a problem of matching emails to MW accounts and OSM "Display names".

  • Create phpBB code to authorise via OSM. start of coding
  • Make it so all sites use a single cookie to store sign on data, so only logging in once or less per session is needed


Kerberos support for Mozilla Browsers

Apache Kerberos support


OAuth may help us to achieve single sign on, although we will still encounter some of the tricky problems with usernames between the two systems. Essentially we will be implementing full on integration, with OAuth as mechanism to pass tokens between the apps. OAuth is something we have implemented on OSM accounts anyway, for other reasons (for authorization of 3rd party apps) Using OAuth for single sign on with the wiki may now be possible

See also