source: josm/trunk/src/org/openstreetmap/josm/gui/oauth/AbstractAuthorizationUI.java@ 18991

Last change on this file since 18991 was 18991, checked in by taylor.smock, 3 months ago

Fix #22810: OSM OAuth 1.0a/Basic auth deprecation and removal

As of 2024-02-15, something changed in the OSM server configuration. This broke
our OAuth 1.0a implementation (see #23475). As such, we are removing OAuth 1.0a
from JOSM now instead of when the OSM server removes support in June 2024.

For third-party OpenStreetMap servers, the Basic Authentication method has been
kept. However, they should be made aware that it may be removed if a non-trivial
bug occurs with it. We highly recommend that the third-party servers update to
the current OpenStreetMap website implementation (if only for their own security).

Failing that, the third-party server can implement RFC8414. As of this commit,
we currently use the authorization_endpoint and token_endpoint fields.
To check and see if their third-party server implements RFC8414, they can go
to <server host>/.well-known/oauth-authorization-server.

Prominent third-party OpenStreetMap servers may give us a client id for their
specific server. That client id may be added to the hard-coded client id list
at maintainer discretion. At a minimum, the server must be publicly
available and have a significant user base.

  • Property svn:eol-style set to native
1// License: GPL. For details, see LICENSE file.
2package org.openstreetmap.josm.gui.oauth;
3
4import java.util.Objects;
5
6import org.openstreetmap.josm.data.oauth.IOAuthParameters;
7import org.openstreetmap.josm.data.oauth.IOAuthToken;
8import org.openstreetmap.josm.data.oauth.OAuthParameters;
9import org.openstreetmap.josm.data.oauth.OAuthVersion;
10import org.openstreetmap.josm.gui.widgets.VerticallyScrollablePanel;
11import org.openstreetmap.josm.tools.CheckParameterUtil;
12
13/**
14 * This is the abstract base class for the three authorisation UIs.
15 *
16 * @since 2746
17 */
public abstract class AbstractAuthorizationUI extends VerticallyScrollablePanel {
    /**
     * Name of the bound property used when the Access Token held by this UI changes.
     */
    public static final String ACCESS_TOKEN_PROP = AbstractAuthorizationUI.class.getName() + ".accessToken";

    private String apiUrl;
    private final AdvancedOAuthPropertiesPanel pnlAdvancedProperties;
    // Credential material. Declared transient, so default Java serialization skips this field.
    private transient IOAuthToken accessToken;

    /**
     * Creates the UI and its advanced OAuth properties panel for the given OAuth version.
     *
     * @param apiUrl The OSM API URL (may be null, in which case no API URL is set)
     * @param oAuthVersion The OAuth version handed to the advanced properties panel
     * @since 18991
     */
    protected AbstractAuthorizationUI(String apiUrl, OAuthVersion oAuthVersion) {
        this.pnlAdvancedProperties = new AdvancedOAuthPropertiesPanel(oAuthVersion);
        // NOTE(review): setApiUrl is overridable and is called here before any subclass
        // constructor body has run; an override must not rely on subclass state.
        if (apiUrl != null) {
            setApiUrl(apiUrl);
        }
    }

    /**
     * Fires a property change event for {@link #ACCESS_TOKEN_PROP}.
     * <p>
     * Both token objects are handed to every registered listener as the event's old and new
     * value, so listener code handles credentials and should not log or persist them.
     *
     * @param oldValue the previous access token (may be null)
     * @param newValue the new access token (may be null)
     */
    protected void fireAccessTokenChanged(IOAuthToken oldValue, IOAuthToken newValue) {
        firePropertyChange(ACCESS_TOKEN_PROP, oldValue, newValue);
    }

    /**
     * Returns the OSM API URL this UI is retrieving an OAuth Access Token for.
     *
     * @return the API URL, or null if none has been set
     */
    public String getApiUrl() {
        return apiUrl;
    }

    /**
     * Stores the OSM API URL this UI is retrieving an OAuth Access Token for and forwards
     * it to the advanced OAuth properties panel.
     * <p>
     * The value is stored and forwarded as given; this method performs no validation.
     * NOTE(review): confirm that scheme/host checks happen in the panel or in the caller,
     * since this URL identifies the server the authorisation is performed against.
     *
     * @param apiUrl the api URL
     */
    public void setApiUrl(String apiUrl) {
        this.apiUrl = apiUrl;
        pnlAdvancedProperties.setApiUrl(apiUrl);
    }

    /**
     * Returns the panel used for entering advanced OAuth parameters (see {@link OAuthParameters}).
     *
     * @return the panel for entering advanced OAuth parameters
     * @see #getOAuthParameters()
     */
    protected AdvancedOAuthPropertiesPanel getAdvancedPropertiesPanel() {
        return pnlAdvancedProperties;
    }

    /**
     * Returns the advanced OAuth parameters currently held by the advanced properties panel.
     *
     * @return the current set of advanced OAuth parameters in this UI
     */
    public IOAuthParameters getOAuthParameters() {
        return pnlAdvancedProperties.getAdvancedParameters();
    }

    /**
     * Returns the retrieved Access Token.
     * <p>
     * The returned object is a credential; callers should avoid writing it to logs.
     *
     * @return the retrieved Access Token, or null if no Access Token was retrieved
     */
    public IOAuthToken getAccessToken() {
        return accessToken;
    }

    /**
     * Replaces the current Access Token and fires a property change event for
     * {@link #ACCESS_TOKEN_PROP} when the token actually changed.
     *
     * @param accessToken the new access token. null, to clear the current access token
     */
    protected void setAccessToken(IOAuthToken accessToken) {
        final IOAuthToken previous = this.accessToken;
        this.accessToken = accessToken;

        final boolean hadToken = previous != null;
        final boolean hasToken = this.accessToken != null;
        // Changed when exactly one side is null, or when both are set and not equal.
        // Two nulls are "no change"; equals() is consulted only when both are non-null.
        final boolean changed = hadToken != hasToken
                || (hadToken && !Objects.equals(previous, this.accessToken));
        if (changed) {
            fireAccessTokenChanged(previous, this.accessToken);
        }
    }

    /**
     * Returns the OAuth version reported by the advanced parameters of this AuthorizationUI.
     *
     * @return The OAuth version
     * @since 18991
     */
    public OAuthVersion getOAuthVersion() {
        return pnlAdvancedProperties.getAdvancedParameters().getOAuthVersion();
    }

    /**
     * Tells whether this UI currently holds an Access Token.
     *
     * @return true if this UI currently has an Access Token
     */
    public boolean hasAccessToken() {
        return Objects.nonNull(accessToken);
    }

    /**
     * Tells whether the user has chosen to save the Access Token in the JOSM
     * preferences or not.
     *
     * @return true if the user has chosen to save the Access Token
     */
    public abstract boolean isSaveAccessTokenToPreferences();

    /**
     * Initializes the authorisation UI by initializing the advanced properties panel.
     * <p>
     * NOTE(review): only the panel is initialized; the API URL stored in this object
     * (see {@link #getApiUrl()}) is left unchanged. Confirm this is intended.
     *
     * @param paramApiUrl the API URL. Must not be null.
     * @throws IllegalArgumentException if paramApiUrl is null
     */
    public void initialize(String paramApiUrl) {
        CheckParameterUtil.ensureParameterNotNull(paramApiUrl, "paramApiUrl");
        pnlAdvancedProperties.initialize(paramApiUrl);
    }
}