API Basic Authentication

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

API Basic Authentication

Colin Smale

A (private) program I use which accesses the OSM API has stopped working since the last time I used it, a couple of weeks ago. Read-only calls to the API, including a (proven correct) Authentication header are now failing with 401 Unauthorized, with the returned body indicating a problem with the username/password. The same call without the Authorization header succeeds. I swear nothing has changed on my side; double-checking the auth header with Fiddler shows the username/password I expect, and I can still logout/login using these values (which I haven't changed).

Is there anything going on, or has anything changed on the API, that may be causing this?

Sample URL: GET on https://api.openstreetmap.org/api/0.6/relation/8465619

I know I can just remove the authentication - it was added for "future use" anyway - but why has it suddenly broken?

Thanks,

Colin


_______________________________________________
dev mailing list
[hidden email]
https://lists.openstreetmap.org/listinfo/dev
Reply | Threaded
Open this post in threaded view
|

Re: API Basic Authentication

SimonPoole

See https://github.com/zerebubuth/openstreetmap-cgimap/issues/189

Your app should be working again right now as Tom has reverted back to the Rails implemetation, still you should likely be using OAuth to start with.

Simon

Am 30.05.2019 um 21:33 schrieb Colin Smale:

A (private) program I use which accesses the OSM API has stopped working since the last time I used it, a couple of weeks ago. Read-only calls to the API, including a (proven correct) Authentication header are now failing with 401 Unauthorized, with the returned body indicating a problem with the username/password. The same call without the Authorization header succeeds. I swear nothing has changed on my side; double-checking the auth header with Fiddler shows the username/password I expect, and I can still logout/login using these values (which I haven't changed).

Is there anything going on, or has anything changed on the API, that may be causing this?

Sample URL: GET onĀ https://api.openstreetmap.org/api/0.6/relation/8465619

I know I can just remove the authentication - it was added for "future use" anyway - but why has it suddenly broken?

Thanks,

Colin


_______________________________________________
dev mailing list
[hidden email]
https://lists.openstreetmap.org/listinfo/dev

_______________________________________________
dev mailing list
[hidden email]
https://lists.openstreetmap.org/listinfo/dev

signature.asc (499 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: API Basic Authentication

Tom Hughes-3
In reply to this post by Colin Smale
On 30/05/2019 20:33, Colin Smale wrote:

> A (private) program I use which accesses the OSM API has stopped working
> since the last time I used it, a couple of weeks ago. Read-only calls to
> the API, including a (proven correct) Authentication header are now
> failing with 401 Unauthorized, with the returned body indicating a
> problem with the username/password. The same call without the
> Authorization header succeeds. I swear nothing has changed on my side;
> double-checking the auth header with Fiddler shows the username/password
> I expect, and I can still logout/login using these values (which I
> haven't changed).
>
> Is there anything going on, or has anything changed on the API, that may
> be causing this?
>
> Sample URL: GET on https://api.openstreetmap.org/api/0.6/relation/8465619
>
> I know I can just remove the authentication - it was added for "future
> use" anyway - but why has it suddenly broken?

It's a cgimap bug - previously it just ignored basic authentication
which was fine because it only handled calls where it was optional.

The version does do it but has a bug - we have a fix in hand which
should be rolled out shortly.

In the meantime try using your username instead of email address and
make sure you get he case right and it will hopefully work.

Tom

--
Tom Hughes ([hidden email])
http://compton.nu/

_______________________________________________
dev mailing list
[hidden email]
https://lists.openstreetmap.org/listinfo/dev
Reply | Threaded
Open this post in threaded view
|

Re: API Basic Authentication

Tom Hughes-3
In reply to this post by SimonPoole
I only reverted upload, not the method he is using.

Tom

On 30/05/2019 20:43, Simon Poole wrote:

> See https://github.com/zerebubuth/openstreetmap-cgimap/issues/189
>
> Your app should be working again right now as Tom has reverted back to
> the Rails implemetation, still you should likely be using OAuth to start
> with.
>
> Simon
>
> Am 30.05.2019 um 21:33 schrieb Colin Smale:
>>
>> A (private) program I use which accesses the OSM API has stopped
>> working since the last time I used it, a couple of weeks ago.
>> Read-only calls to the API, including a (proven correct)
>> Authentication header are now failing with 401 Unauthorized, with the
>> returned body indicating a problem with the username/password. The
>> same call without the Authorization header succeeds. I swear nothing
>> has changed on my side; double-checking the auth header with Fiddler
>> shows the username/password I expect, and I can still logout/login
>> using these values (which I haven't changed).
>>
>> Is there anything going on, or has anything changed on the API, that
>> may be causing this?
>>
>> Sample URL: GET on https://api.openstreetmap.org/api/0.6/relation/8465619
>>
>> I know I can just remove the authentication - it was added for "future
>> use" anyway - but why has it suddenly broken?
>>
>> Thanks,
>>
>> Colin
>>
>>
>> _______________________________________________
>> dev mailing list
>> [hidden email]
>> https://lists.openstreetmap.org/listinfo/dev
>
> _______________________________________________
> dev mailing list
> [hidden email]
> https://lists.openstreetmap.org/listinfo/dev
>


--
Tom Hughes ([hidden email])
http://compton.nu/

_______________________________________________
dev mailing list
[hidden email]
https://lists.openstreetmap.org/listinfo/dev
Reply | Threaded
Open this post in threaded view
|

Re: API Basic Authentication

Colin Smale
In reply to this post by Tom Hughes-3

Thanks Tom, it is indeed working with the username.

Colin

 


On 2019-05-30 21:45, Tom Hughes wrote:

On 30/05/2019 20:33, Colin Smale wrote:

A (private) program I use which accesses the OSM API has stopped working since the last time I used it, a couple of weeks ago. Read-only calls to the API, including a (proven correct) Authentication header are now failing with 401 Unauthorized, with the returned body indicating a problem with the username/password. The same call without the Authorization header succeeds. I swear nothing has changed on my side; double-checking the auth header with Fiddler shows the username/password I expect, and I can still logout/login using these values (which I haven't changed).

Is there anything going on, or has anything changed on the API, that may be causing this?

Sample URL: GET on https://api.openstreetmap.org/api/0.6/relation/8465619

I know I can just remove the authentication - it was added for "future use" anyway - but why has it suddenly broken?

It's a cgimap bug - previously it just ignored basic authentication
which was fine because it only handled calls where it was optional.

The version does do it but has a bug - we have a fix in hand which
should be rolled out shortly.

In the meantime try using your username instead of email address and
make sure you get he case right and it will hopefully work.

Tom

_______________________________________________
dev mailing list
[hidden email]
https://lists.openstreetmap.org/listinfo/dev
Reply | Threaded
Open this post in threaded view
|

Re: API Basic Authentication

Colin Smale
In reply to this post by SimonPoole

On 2019-05-30 21:43, Simon Poole wrote:

See https://github.com/zerebubuth/openstreetmap-cgimap/issues/189

Your app should be working again right now as Tom has reverted back to the Rails implemetation, still you should likely be using OAuth to start with.

It is indeed working now.

I can't see any reference on the wiki https://wiki.openstreetmap.org/wiki/API_v0.6#URL_.2B_authentication to the deprecation of Basic Auth on the API. Personally I am happy with Basic over HTTPS for the moment. As I said this is a private program and I do not currently intend to publish it to a wider audience. If that changes then I agree, OAuth would be the way to go.

Colin



_______________________________________________
dev mailing list
[hidden email]
https://lists.openstreetmap.org/listinfo/dev