Use of OSM API for non-editing third party applications

Use of OSM API for non-editing third party applications

Nick Whitelegg-2

Hi,


I'm just asking something which was raised as an issue in my Gitlab repository for OpenTrailView (www.opentrailview.org; fully FOSS 360 panorama site which uses OSM ways to connect panoramas together).


The person who raised the issue requested that OSM logins be used on OpenTrailView rather than (as currently) its own login system. I suspect the reason is security-related as it allows users to use an existing trusted authentication system.


As OpenTrailView does not include provision for editing OSM data, I suspect the answer is no - but is it acceptable for third-party OSM-related sites which do not edit the data to 'piggyback' on OSM's authentication system like this?


Thanks,

Nick



_______________________________________________
dev mailing list
[hidden email]
https://lists.openstreetmap.org/listinfo/dev
Re: Use of OSM API for non-editing third party applications

SimonPoole


There is a large amount of precedent, for example Mapillary, MapRoulette and lots that I've forgotten. So the answer is likely that while the website-devs are not in love with it, it is perfectly acceptable.


Simon


On 01.08.2019 at 13:52, Nick Whitelegg wrote:

Hi,


I'm just asking something which was raised as an issue in my Gitlab repository for OpenTrailView (www.opentrailview.org; fully FOSS 360 panorama site which uses OSM ways to connect panoramas together).


The person who raised the issue requested that OSM logins be used on OpenTrailView rather than (as currently) its own login system. I suspect the reason is security-related as it allows users to use an existing trusted authentication system.


As OpenTrailView does not include provision for editing OSM data, I suspect the answer is no - but is it acceptable for third-party OSM-related sites which do not edit the data to 'piggyback' on OSM's authentication system like this?


Thanks,

Nick



Re: Use of OSM API for non-editing third party applications

Jóhannes Birgir Jensson
In reply to this post by Nick Whitelegg-2
My data quantifier concept tool does use OSM authentication for logins and does not edit OSM data (http://osm.hlidskjalf.is/ ).

I never read anything where it said that OSM-auth was only for editing. So I have worked on the assumption that the answer would be yes, you can piggyback.

-- Jói / Stalfur



On 1 August 2019 at 11:58, "Nick Whitelegg" <[hidden email]> wrote:

Hi,

I'm just asking something which was raised as an issue in my Gitlab repository for OpenTrailView (www.opentrailview.org; fully FOSS 360 panorama site which uses OSM ways to connect panoramas together).

The person who raised the issue requested that OSM logins be used on OpenTrailView rather than (as currently) its own login system. I suspect the reason is security-related as it allows users to use an existing trusted authentication system.

As OpenTrailView does not include provision for editing OSM data, I suspect the answer is no - but is it acceptable for third-party OSM-related sites which do not edit the data to 'piggyback' on OSM's authentication system like this?

Thanks,

Nick




Re: Use of OSM API for non-editing third party applications

Nick Whitelegg-2


OK, many thanks for that - good to know that there's prior precedent.


Thanks,

Nick




From: Jóhannes Birgir Jensson <[hidden email]>
Sent: 01 August 2019 15:21:56
To: Nick Whitelegg <[hidden email]>; dev Openstreetmap <[hidden email]>
Subject: Re: [OSM-dev] Use of OSM API for non-editing third party applications
 
My data quantifier concept tool does use OSM authentication for logins and does not edit OSM data (http://osm.hlidskjalf.is/ ).

I never read anything where it said that OSM-auth was only for editing. So I have worked on the assumption that the answer would be yes, you can piggyback.

-- Jói / Stalfur



On 1 August 2019 at 11:58, "Nick Whitelegg" <[hidden email]> wrote:

Hi,

I'm just asking something which was raised as an issue in my Gitlab repository for OpenTrailView (www.opentrailview.org; fully FOSS 360 panorama site which uses OSM ways to connect panoramas together).

The person who raised the issue requested that OSM logins be used on OpenTrailView rather than (as currently) its own login system. I suspect the reason is security-related as it allows users to use an existing trusted authentication system.

As OpenTrailView does not include provision for editing OSM data, I suspect the answer is no - but is it acceptable for third-party OSM-related sites which do not edit the data to 'piggyback' on OSM's authentication system like this?

Thanks,

Nick




Re: Use of OSM API for non-editing third party applications

dieterdreist
In reply to this post by Jóhannes Birgir Jensson


sent from a phone

On 1. Aug 2019, at 16:21, Jóhannes Birgir Jensson <[hidden email]> wrote:

I never read anything where it said that OSM-auth was only for editing. So I have worked on the assumption that the answer would be yes, you can piggyback.


it’s written here:


Cheers Martin 

Re: Use of OSM API for non-editing third party applications

Jóhannes Birgir Jensson
Hello Martin.

I'm afraid you are confusing two different things.

The relevant page for authentication is this one https://wiki.openstreetmap.org/wiki/OAuth

This is a totally different thing from the editing API.

Cheers,
Jói

On 1 August 2019 at 21:45, "Martin Koppenhoefer" <[hidden email]> wrote:
sent from a phone

On 1. Aug 2019, at 16:21, Jóhannes Birgir Jensson <[hidden email]> wrote:
I never read anything where it said that OSM-auth was only for editing. So I have worked on the assumption that the answer would be yes, you can piggyback.
it’s written here:
Cheers Martin



Re: Use of OSM API for non-editing third party applications

tigerfell-688
Not necessarily, the API calls
user/preferences (https://wiki.openstreetmap.org/wiki/API_v0.6#Preferences_of_the_logged-in_user) are used by some services to provide login and user organisation.

Tigerfell

Aug. 2, 2019, 2:14 a.m. by [hidden email]:
Hello Martin.

I'm afraid you are confusing two different things.

The relevant page for authentication is this one https://wiki.openstreetmap.org/wiki/OAuth

This is a totally different thing from the editing API.

Cheers,
Jói

On 1 August 2019 at 21:45, "Martin Koppenhoefer" <[hidden email]> wrote:

sent from a phone

On 1. Aug 2019, at 16:21, Jóhannes Birgir Jensson <[hidden email]> wrote:
I never read anything where it said that OSM-auth was only for editing. So I have worked on the assumption that the answer would be yes, you can piggyback.

it’s written here:


Cheers Martin



Re: Use of OSM API for non-editing third party applications

Colin Smale
Now you are confusing authentication with authorisation.

On 2 August 2019 10:07:19 BST, Tigerfell <[hidden email]> wrote:
Not necessarily, the API calls
user/preferences (https://wiki.openstreetmap.org/wiki/API_v0.6#Preferences_of_the_logged-in_user) are used by some services to provide login and user organisation.

Tigerfell

Aug. 2, 2019, 2:14 a.m. by [hidden email]:
Hello Martin.

I'm afraid you are confusing two different things.

The relevant page for authentication is this one https://wiki.openstreetmap.org/wiki/OAuth

This is a totally different thing from the editing API.

Cheers,
Jói

On 1 August 2019 at 21:45, "Martin Koppenhoefer" <[hidden email]> wrote:

sent from a phone

On 1. Aug 2019, at 16:21, Jóhannes Birgir Jensson <[hidden email]> wrote:
I never read anything where it said that OSM-auth was only for editing. So I have worked on the assumption that the answer would be yes, you can piggyback.

it’s written here:


Cheers Martin



Re: Use of OSM API for non-editing third party applications

Nick Whitelegg-2



In the light of this discussion, and to follow up my original email, one thing I would want to do is associate uploaded panoramas with user IDs, for which I would need the OSM user details API. I would need this to only allow a given user to rotate or move their own panoramas, and not other users'. I presume this would be acceptable (if mentioned on an appropriate privacy policy)?

I tried to play around with Mapillary to see how they handle OSM authentication but I'm not sure whether it's working correctly - as when I am returned to Mapillary after authentication with OSM, I get the error "User does not exist".

Nick

From: Colin Smale <[hidden email]>
Sent: 02 August 2019 10:15:45
To: [hidden email] <[hidden email]>; Tigerfell <[hidden email]>; Jóhannes Birgir Jensson <[hidden email]>
Cc: dev Openstreetmap <[hidden email]>
Subject: Re: [OSM-dev] Use of OSM API for non-editing third party applications
 
Now you are confusing authentication with authorisation.

On 2 August 2019 10:07:19 BST, Tigerfell <[hidden email]> wrote:
Not necessarily, the API calls
user/preferences (https://wiki.openstreetmap.org/wiki/API_v0.6#Preferences_of_the_logged-in_user) are used by some services to provide login and user organisation.

Tigerfell

Aug. 2, 2019, 2:14 a.m. by [hidden email]:
Hello Martin.

I'm afraid you are confusing two different things.

The relevant page for authentication is this one https://wiki.openstreetmap.org/wiki/OAuth

This is a totally different thing from the editing API.

Cheers,
Jói

On 1 August 2019 at 21:45, "Martin Koppenhoefer" <[hidden email]> wrote:

sent from a phone

On 1. Aug 2019, at 16:21, Jóhannes Birgir Jensson <[hidden email]> wrote:
I never read anything where it said that OSM-auth was only for editing. So I have worked on the assumption that the answer would be yes, you can piggyback.

it’s written here:


Cheers Martin



Re: Use of OSM API for non-editing third party applications

Jóhannes Birgir Jensson
In the OAuth authentication you get the display name and ID of the OSM user; you can then use that OSM ID to mark the user's contributions in your own db.



On 2 August 2019 at 11:41, "Nick Whitelegg" <[hidden email]> wrote:
In the light of this discussion, and to follow up my original email, one thing I would want to do is associate uploaded panoramas with user IDs, for which I would need the OSM user details API. I would need this to only allow a given user to rotate or move their own panoramas, and not other users'. I presume this would be acceptable (if mentioned on an appropriate privacy policy)?
I tried to play around with Mapillary to see how they handle OSM authentication but I'm not sure whether it's working correctly - as when I am returned to Mapillary after authentication with OSM, I get the error "User does not exist".
Nick

From: Colin Smale <[hidden email]>
Sent: 02 August 2019 10:15:45
To: [hidden email] <[hidden email]>; Tigerfell <[hidden email]>; Jóhannes Birgir Jensson <[hidden email]>
Cc: dev Openstreetmap <[hidden email]>
Subject: Re: [OSM-dev] Use of OSM API for non-editing third party applications
Now you are confusing authentication with authorisation.
On 2 August 2019 10:07:19 BST, Tigerfell <[hidden email]> wrote:
Not necessarily, the API calls
user/preferences (https://wiki.openstreetmap.org/wiki/API_v0.6#Preferences_of_the_logged-in_user) are used by some services to provide login and user organisation.
Tigerfell
Aug. 2, 2019, 2:14 a.m. by [hidden email]:
Hello Martin.
I'm afraid you are confusing two different things.
The relevant page for authentication is this one https://wiki.openstreetmap.org/wiki/OAuth
This is a totally different thing from the editing API.
Cheers,
Jói
On 1 August 2019 at 21:45, "Martin Koppenhoefer" <[hidden email]> wrote:
sent from a phone
On 1. Aug 2019, at 16:21, Jóhannes Birgir Jensson <[hidden email]> wrote:
I never read anything where it said that OSM-auth was only for editing. So I have worked on the assumption that the answer would be yes, you can piggyback.
it’s written here:
Cheers Martin
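
An added example, not part of any message in this thread and not OpenTrailView's code: the ownership rule discussed above (a user may rotate or move only their own panoramas), keyed on the numeric OSM user ID rather than the display name, with the authorisation check kept separate from the login step. It assumes the OAuth-signed call to `user/details` has already been made and that the response has the shape of the constructed sample; `PanoramaStore` and its method names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample, shaped like an OSM API v0.6 user/details response.
SAMPLE_DETAILS = """<osm version="0.6" generator="OpenStreetMap server">
  <user id="1001" display_name="example_mapper"/>
</osm>"""

def parse_osm_user(xml_text):
    """Return (osm_id, display_name); raise ValueError on anything unexpected."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise ValueError("malformed user details") from exc
    user = root.find("user") if root.tag == "osm" else None
    if user is None:
        raise ValueError("no <user> element in response")
    raw_id = user.get("id", "")
    if not re.fullmatch(r"[0-9]+", raw_id):
        raise ValueError("missing or non-numeric user id")
    return int(raw_id), user.get("display_name", "")

class PanoramaStore:
    """Hypothetical in-memory stand-in for the site's own database."""
    def __init__(self):
        self._owner = {}    # panorama id -> numeric OSM user id
        self._bearing = {}  # panorama id -> rotation in degrees

    def upload(self, pano_id, session_osm_id):
        self._owner[pano_id] = session_osm_id
        self._bearing[pano_id] = 0

    def can_modify(self, pano_id, session_osm_id):
        owner = self._owner.get(pano_id)
        return owner is not None and owner == session_osm_id

    def rotate(self, pano_id, session_osm_id, degrees):
        # Authorisation, separate from login: run on every modifying request.
        if not self.can_modify(pano_id, session_osm_id):
            raise PermissionError("not the owner of this panorama")
        self._bearing[pano_id] = degrees % 360
        return self._bearing[pano_id]

def demo():
    store = PanoramaStore()
    owner_id, _ = parse_osm_user(SAMPLE_DETAILS)
    store.upload("pano-1", owner_id)
    other_id, _ = parse_osm_user(SAMPLE_DETAILS.replace("1001", "2002"))
    return store.rotate("pano-1", owner_id, 450), store.can_modify("pano-1", other_id)
```

The second account in `demo()` carries the same display name as the owner and is still refused, because ownership is compared on the ID stored at upload time.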


