Develop/Single sign on

From OpenStreetMap Wiki
Jump to: navigation, search
Available languages — Develop/Single sign on
Afrikaans Alemannisch aragonés asturianu azərbaycanca Bahasa Indonesia Bahasa Melayu Bân-lâm-gú Basa Jawa Baso Minangkabau bosanski brezhoneg català čeština dansk Deutsch eesti English español Esperanto estremeñu euskara français Frysk Gaeilge Gàidhlig galego Hausa hrvatski Igbo interlingua Interlingue isiXhosa isiZulu íslenska italiano Kiswahili Kreyòl ayisyen kréyòl gwadloupéyen kurdî latviešu Lëtzebuergesch lietuvių magyar Malagasy Malti Nederlands Nedersaksies norsk norsk nynorsk occitan Oromoo oʻzbekcha/ўзбекча Plattdüütsch polski português română shqip slovenčina slovenščina Soomaaliga suomi svenska Tiếng Việt Türkçe Vahcuengh vèneto Wolof Yorùbá Zazaki српски / srpski беларуская български қазақша македонски монгол русский тоҷикӣ українська Ελληνικά Հայերեն ქართული नेपाली मराठी हिन्दी অসমীয়া বাংলা ਪੰਜਾਬੀ ગુજરાતી ଓଡ଼ିଆ தமிழ் తెలుగు ಕನ್ನಡ മലയാളം සිංහල ไทย မြန်မာဘာသာ ລາວ ភាសាខ្មែរ ⵜⴰⵎⴰⵣⵉⵖⵜ አማርኛ 한국어 日本語 中文(简体)‎ 吴语 粵語 中文(繁體)‎ ייִדיש עברית اردو العربية پښتو سنڌي فارسی ދިވެހިބަސް

The OpenStreetMap project would ideally support single sign on across the editing interface, the wiki, and the other systems. Several different types of Accounts are in use. Unification of the logins/accounts would, of course, be a good idea. It has been discussed before, but it's a bit of development effort which hasn't happened yet. There are also complications around policies for changing user name.

A basic discussion of what is involved in any single sign-on scheme, technically, is here:

People involved

It would be nice to have a list of persons who are actively working on this issue and what they are doing. Perhaps you should also make a note at the general People involved Page


For a list of services look at the Account page.



One proposal was to make everything support OpenID. This could run alongside, as an alternative login mechanism for people who want single sign on.

Some installation effort, but zero development effort!

(google for OpenID discussions)

Full on integration

All methods of the OSM Protocol require the basic HTTP authentication i.e. username & password are sent (unencrypted) in the request header for every request. See HTTP Protocol Specification#HTTP-Authentication for more detail.

You can try this out with your browser by calling the user/details method

Some original notes by Rickm and Dee who were originally planning something:

Set up single sign on, base table in OSM

Leaves a problem of matching emails to MW accounts and OSM "Display names".

  • Create phpBB code to authorise via OSM. start of coding
  • Make it so all sites use a single cookie to store sign on data, so only logging in once or less per session is needed


Kerberos support for Mozilla Browsers

Apache Kerberos support


OAuth may help us to achieve single sign on, although we will still encounter some of the tricky problems with usernames between the two systems. Essentially we will be implementing full on integration, with OAuth as mechanism to pass tokens between the apps. OAuth is something we have implemented on OSM accounts anyway, for other reasons (for authorization of 3rd party apps) Using OAuth for single sign on with the wiki may now be possible

See also