OAuth/examples
< OAuth
Jump to navigation
Jump to search
Please note the Future deprecation of HTTP Basic Auth and OAuth 1.0a announcement: https://www.openstreetmap.org/user/pnorman/diary/401157 |
The following OAuth examples will help developers create new OpenStreetMap OAuth client software. The links give code snippets or fully working tools (with source code) in several programming languages. For more information see the general page on OAuth.
JavaScript
- iD editor uses it. See 'OAuth in javascript' blog post
- github.com/osmlab/osm-auth is the auth logic of iD ripped out to be re-usable.
- OAuth Server side Node.js examples - Explains how to safely do the OAuth process on the server side so that the keys and secrets of the consumer and user are kept secret.
Ruby
- OAuth ruby examples - code snippets in ruby
- Developing OAuth clients in Ruby - more on setting up the initial OAuth credentials
- sozialhelden/omniauth-osm - OpenStreetMap strategy for omniauth
Python
- OSM Fixer source code - Automated edit script
- OSM Tasking Manager source code - Web app which reads preferences via OAuth for identity
- hotosm/tasking-manager/blob/develop/backend/services/users/authentication_service.py#L56 GitHub Authentification code
- hotosm/tasking-manager/blob/develop/backend/services/users/osm_service.py#L16 GitHub API code
- python-social-auth - Framework for authenticating
Example using authlib
# using requests implementation
from authlib.integrations.requests_client import OAuth2Session
# using httpx implementation (async)
#from authlib.integrations.httpx_client import AsyncOAuth2Client
client_id = 'YOUR_CLIENT_ID'
client_secret = 'YOUR_CLIENT_SECRET'
user_agent = 'YourAppName/0.1'
# api scopes (see https://wiki.openstreetmap.org/wiki/OAuth)
scope = 'read_prefs write_api'
# URI to redirect to after successful authorization
redirect_uri = 'https://example.com/callback'
client = OAuth2Session(
client_id,
client_secret,
scope=scope,
redirect_uri=redirect_uri,
headers={'User-Agent': user_agent})
# generate authorization URL and state (save it for later)
uri, state = client.create_authorization_url('https://www.openstreetmap.org/oauth2/authorize')
# redirect the user to the authorization URL and wait for callback
print(uri)
# ...
# ...
# after authorization, capture the full callback URL
# replace `request.url` with the actual URL you received
callback_url = str(request.url)
# fetch the OAuth2 token using the state and callback URL
client.token = client.fetch_token(
'https://www.openstreetmap.org/oauth2/token',
state=state,
authorization_response=callback_url)
# make authenticated API request
r = client.get('https://api.openstreetmap.org/api/0.6/user/details.json')
r.raise_for_status()
print(r.json())
Example using requests_oauthlib and OAuth1 (***OAuth1 is deprecated***)
Assuming that you collected an access token from the API, you may call the API using this access token using the library requests oauthlib, using the Oauth1 Workflow
from requests_oauthlib import OAuth1Session
client = OAuth1Session(
client_key='abcde',
client_secret='123456,
resource_owner_key=access_token['oauth_token'],
resource_owner_secret=access_token['oauth_token_secret'],
signature_type='auth_header'
)
r = client.get('https://api.openstreetmap.org/api/0.6/user/details.json')
PHP
- MapCraft (source) - php tool does basic identification (preferences read)
- Tutorial on connecting with OAuth, reading user details and sending a changeset (in Russian).
- Level0 (source) - a simple raw OpenStreetMap editor
- http://funmap.co.uk/editor/ - A super simple tag editor in a single php script by Harry Wood (bit broken, but might be useful as a starting point)
- oauth1-openstreetmap, php-league oauth1 client extended for the OSM provider
R
Example for OAuth2 with httr2
obfuscated_secret <- httr2::obfuscate("OAuth-secret0123456789") # raw secret
client <- httr2::oauth_client(
id = "OAuth-id0123456789"),
token_url = "https://www.openstreetmap.org/oauth2/token",
secret = httr2::obfuscated(obfuscated_secret), # save the obfuscated secret string in the code here instead of the raw secret above
auth = "header"
)
token <- httr2::oauth_flow_auth_code(
client = client,
auth_url = "https://www.openstreetmap.org/oauth2/authorize",
scope = paste(c("read_prefs", "write_prefs", "write_api", "read_gpx", "write_gpx", "write_notes"), collapse = " "),
pkce = TRUE,
redirect_uri = "http://127.0.0.1"
)