Changeset 18991 – JOSM

trunk/ivy.xml

-              r18979
+              r18991
         <dependency conf="api->default" org="com.formdev" name="svgSalamander" rev="1.1.4"/>
         <dependency conf="api->default" org="ch.poole" name="OpeningHoursParser" rev="0.28.1"/>
-        <dependency conf="api->default" org="oauth.signpost" name="signpost-core" rev="2.1.1"/>
         <!-- Don't forget to update org.openstreetmap.josm.tools.Tag2Link#PREF_SOURCE -->
         <dependency conf="api->default" org="org.webjars.npm" name="tag2link" rev="2024.2.8"/>
 …
         <dependency conf="sources->sources" org="com.formdev" name="svgSalamander" rev="1.1.4"/>
         <dependency conf="sources->sources" org="ch.poole" name="OpeningHoursParser" rev="0.28.1"/>
-        <dependency conf="sources->sources" org="oauth.signpost" name="signpost-core" rev="2.1.1"/>
         <dependency conf="sources->default" org="org.webjars.npm" name="tag2link" rev="2024.2.8"/><!-- sources->default sic! (tag2link-sources.jar is empty, see #19335) -->
         <!-- commonslang->default -->

trunk/src/org/openstreetmap/josm/data/oauth/OAuth20Parameters.java

-              r18723
+              r18991
         return builder.build().toString();
+    }
+    @Override
+    public int hashCode() {
+        return Objects.hash(this.apiUrl, this.authorizeUrl, this.tokenUrl, this.clientId, this.clientSecret, this.redirectUri);
+    }
+    @Override
+    public boolean equals(Object obj) {
+        if (obj != null && this.getClass() == obj.getClass()) {
+            OAuth20Parameters other = (OAuth20Parameters) obj;
+            return Objects.equals(this.clientSecret, other.clientSecret) &&
+                    Objects.equals(this.clientId, other.clientId) &&
+                    Objects.equals(this.redirectUri, other.redirectUri) &&
+                    Objects.equals(this.tokenUrl, other.tokenUrl) &&
+                    Objects.equals(this.authorizeUrl, other.authorizeUrl) &&
+                    Objects.equals(this.apiUrl, other.apiUrl);
+        }
+        return false;
+    }
+}

trunk/src/org/openstreetmap/josm/data/oauth/OAuthAccessTokenHolder.java

-              r18764
+              r18991
     private boolean saveToPreferences;
-    private String accessTokenKey;
-    private String accessTokenSecret;
     private final Map<String, Map<OAuthVersion, IOAuthToken>> tokenMap = new HashMap<>();
 …
     /**
      * Sets whether the current access token should be saved to the preferences file.
+     *
+     * <p>
      * If true, the access token is saved in clear text to the preferences file. The same
      * access token can therefore be used in multiple JOSM sessions.
+     *
+     * <p>
      * If false, the access token isn't saved to the preferences file. If JOSM is closed,
      * the access token is lost and new token has to be generated by the OSM server the
 …
     public void setSaveToPreferences(boolean saveToPreferences) {
         this.saveToPreferences = saveToPreferences;
+    }
-    /**
-     * Replies the access token key. null, if no access token key is currently set.
+     *
-     * @return the access token key
-     */
-    public String getAccessTokenKey() {
-        return accessTokenKey;
+    }
-    /**
-     * Sets the access token key. Pass in null to remove the current access token key.
+     *
-     * @param accessTokenKey the access token key
-     */
-    public void setAccessTokenKey(String accessTokenKey) {
-        this.accessTokenKey = accessTokenKey;
+    }
-    /**
-     * Replies the access token secret. null, if no access token secret is currently set.
+     *
-     * @return the access token secret
-     */
-    public String getAccessTokenSecret() {
-        return accessTokenSecret;
+    }
-    /**
-     * Sets the access token secret. Pass in null to remove the current access token secret.
+     *
-     * @param accessTokenSecret access token secret, or null
-     */
-    public void setAccessTokenSecret(String accessTokenSecret) {
-        this.accessTokenSecret = accessTokenSecret;
+    }
-    /**
-     * Replies the access token.
-     * @return the access token, can be {@code null}
-     */
-    public OAuthToken getAccessToken() {
-        if (!containsAccessToken())
-            return null;
-        return new OAuthToken(accessTokenKey, accessTokenSecret);
+    }
 …
      * Sets the access token hold by this holder.
+     *
-     * @param accessTokenKey the access token key
-     * @param accessTokenSecret the access token secret
-     */
-    public void setAccessToken(String accessTokenKey, String accessTokenSecret) {
-        this.accessTokenKey = accessTokenKey;
-        this.accessTokenSecret = accessTokenSecret;
+    }
-    /**
-     * Sets the access token hold by this holder.
+     *
-     * @param token the access token. Can be null to clear the content in this holder.
-     */
-    public void setAccessToken(OAuthToken token) {
-        if (token == null) {
-            this.accessTokenKey = null;
-            this.accessTokenSecret = null;
-        } else {
-            this.accessTokenKey = token.getKey();
-            this.accessTokenSecret = token.getSecret();
+        }
+    }
-    /**
-     * Sets the access token hold by this holder.
+     *
      * @param api The api the token is for
      * @param token the access token. Can be null to clear the content in this holder.
 …
     /**
-     * Replies true if this holder contains an complete access token, consisting of an
-     * Access Token Key and an Access Token Secret.
+     *
-     * @return true if this holder contains an complete access token
-     */
-    public boolean containsAccessToken() {
-        return accessTokenKey != null && accessTokenSecret != null;
+    }
-    /**
      * Initializes the content of this holder from the Access Token managed by the
      * credential manager.
 …
     public void init(CredentialsAgent cm) {
         CheckParameterUtil.ensureParameterNotNull(cm, "cm");
-        OAuthToken token = null;
-        try {
-            token = cm.lookupOAuthAccessToken();
-        } catch (CredentialsAgentException e) {
-            Logging.error(e);
-            Logging.warn(tr("Failed to retrieve OAuth Access Token from credential manager"));
-            Logging.warn(tr("Current credential manager is of type ''{0}''", cm.getClass().getName()));
+        }
         saveToPreferences = Config.getPref().getBoolean("oauth.access-token.save-to-preferences", true);
-        if (token != null) {
-            accessTokenKey = token.getKey();
-            accessTokenSecret = token.getSecret();
+        }
+    }
 …
         try {
             if (!saveToPreferences) {
-                cm.storeOAuthAccessToken(null);
                 for (String host : this.tokenMap.keySet()) {
                     cm.storeOAuthAccessToken(host, null);
+                }
             } else {
-                if (this.accessTokenKey != null && this.accessTokenSecret != null) {
-                    cm.storeOAuthAccessToken(new OAuthToken(accessTokenKey, accessTokenSecret));
-                } else {
-                    cm.storeOAuthAccessToken(null);
+                }
                 for (Map.Entry<String, Map<OAuthVersion, IOAuthToken>> entry : this.tokenMap.entrySet()) {
                     if (entry.getValue().isEmpty()) {
 …
      */
     public void clear() {
+        accessTokenKey = null;
+        accessTokenSecret = null;
+        this.tokenMap.clear();
+    }
+}

trunk/src/org/openstreetmap/josm/data/oauth/OAuthParameters.java

-              r18723
+              r18991
 import java.io.BufferedReader;
 import java.io.IOException;
+import java.net.URI;
+import java.net.URISyntaxException;
 import java.net.URL;
+import java.util.Objects;
+import java.util.HashMap;
+import java.util.Map;
+import org.openstreetmap.josm.io.NetworkManager;
+import org.openstreetmap.josm.io.OsmApi;
+import org.openstreetmap.josm.io.auth.CredentialsAgentException;
+import org.openstreetmap.josm.io.auth.CredentialsManager;
+import org.openstreetmap.josm.spi.preferences.Config;
+import org.openstreetmap.josm.spi.preferences.IUrls;
+import org.openstreetmap.josm.tools.HttpClient;
+import org.openstreetmap.josm.tools.JosmRuntimeException;
+import org.openstreetmap.josm.tools.Logging;
+import org.openstreetmap.josm.tools.Utils;
 import jakarta.json.Json;
 …
 import jakarta.json.JsonValue;
-import org.openstreetmap.josm.io.OsmApi;
-import org.openstreetmap.josm.io.auth.CredentialsAgentException;
-import org.openstreetmap.josm.io.auth.CredentialsManager;
-import org.openstreetmap.josm.spi.preferences.Config;
-import org.openstreetmap.josm.spi.preferences.IUrls;
-import org.openstreetmap.josm.tools.CheckParameterUtil;
-import org.openstreetmap.josm.tools.HttpClient;
-import org.openstreetmap.josm.tools.Logging;
-import org.openstreetmap.josm.tools.Utils;
-import oauth.signpost.OAuthConsumer;
-import oauth.signpost.OAuthProvider;
 /**
  * This class manages an immutable set of OAuth parameters.
  * @since 2747
+ * @since 2747 (static factory class since 18991)
  */
+public class OAuthParameters implements IOAuthParameters {
+    /**
+     * The default JOSM OAuth consumer key (created by user josmeditor).
+     */
+    public static final String DEFAULT_JOSM_CONSUMER_KEY = "F7zPYlVCqE2BUH9Hr4SsWZSOnrKjpug1EgqkbsSb";
+    /**
+     * The default JOSM OAuth consumer secret (created by user josmeditor).
+     */
+    public static final String DEFAULT_JOSM_CONSUMER_SECRET = "rIkjpPcBNkMQxrqzcOvOC4RRuYupYr7k8mfP13H5";
+public final class OAuthParameters {
+    private static final Map<String, JsonObject> RFC8414_RESPONSES = new HashMap<>(1);
+    private static final String OSM_API_DEFAULT = "https://api.openstreetmap.org/api";
+    private static final String OSM_API_DEV = "https://api06.dev.openstreetmap.org/api";
+    private static final String OSM_API_MASTER = "https://master.apis.dev.openstreetmap.org/api";
+    private OAuthParameters() {
+        // Hide constructor
+    }
     /**
      * Replies a set of default parameters for a consumer accessing the standard OSM server
      * at {@link IUrls#getDefaultOsmApiUrl}.
+     *
+     * <p>
+     * Note that this may make network requests for RFC 8414 compliant endpoints.
      * @return a set of default parameters
      */
     public static OAuthParameters createDefault() {
         return createDefault(null);
+    public static IOAuthParameters createDefault() {
+        return createDefault(Config.getUrls().getDefaultOsmApiUrl(), OAuthVersion.OAuth20);
+    }
 …
      * at the given API url. URL parameters are only set if the URL equals {@link IUrls#getDefaultOsmApiUrl}
      * or references the domain "dev.openstreetmap.org", otherwise they may be <code>null</code>.
+     *
+     * @param apiUrl The API URL for which the OAuth default parameters are created. If null or empty, the default OSM API url is used.
+     * @return a set of default parameters for the given {@code apiUrl}
+     * @since 5422
+     */
+    public static OAuthParameters createDefault(String apiUrl) {
+        return (OAuthParameters) createDefault(apiUrl, OAuthVersion.OAuth10a);
+    }
+    /**
+     * Replies a set of default parameters for a consumer accessing an OSM server
+     * at the given API url. URL parameters are only set if the URL equals {@link IUrls#getDefaultOsmApiUrl}
+     * or references the domain "dev.openstreetmap.org", otherwise they may be <code>null</code>.
+     * <p>
+     * Note that this may make network requests for RFC 8414 compliant endpoints.
+     *
      * @param apiUrl The API URL for which the OAuth default parameters are created. If null or empty, the default OSM API url is used.
 …
         switch (oAuthVersion) {
-            case OAuth10a:
-                return getDefaultOAuth10Parameters(apiUrl);
             case OAuth20:
             case OAuth21: // For now, OAuth 2.1 (draft) is just OAuth 2.0 with mandatory extensions, which we implement.
 …
+    }
+    private static JsonObject getRFC8414Parameters(String apiUrl) {
+        HttpClient client = null;
+        try {
+            final URI apiURI = new URI(apiUrl);
+            final URL rfc8414URL = new URI(apiURI.getScheme(), apiURI.getHost(),
+                    "/.well-known/oauth-authorization-server", null).toURL();
+            client = HttpClient.create(rfc8414URL);
+            HttpClient.Response response = client.connect();
+            if (response.getResponseCode() == 200) {
+                try (BufferedReader reader = response.getContentReader();
+                     JsonReader jsonReader = Json.createReader(reader)) {
+                    JsonStructure structure = jsonReader.read();
+                    if (structure.getValueType() == JsonValue.ValueType.OBJECT) {
+                        return structure.asJsonObject();
+                    }
+                }
+            }
+        } catch (URISyntaxException | IOException e) {
+            throw new JosmRuntimeException(e);
+        } finally {
+            if (client != null) {
+                client.disconnect();
+            }
+        }
+        return Json.createObjectBuilder().build();
+    }
     /**
      * Get the default OAuth 2.0 parameters
 …
         final String clientId;
         final String clientSecret;
         final String redirectUri;
+        final String redirectUri = "http://127.0.0.1:8111/oauth_authorization";
         final String baseUrl;
+        if (apiUrl != null && !Config.getUrls().getDefaultOsmApiUrl().equals(apiUrl) && !"http://invalid".equals(apiUrl)) {
+            clientId = "";
+            clientSecret = "";
+            baseUrl = apiUrl;
+            HttpClient client = null;
+            redirectUri = "";
+            // Check if the server is RFC 8414 compliant
+            try {
+                client = HttpClient.create(new URL(apiUrl + (apiUrl.endsWith("/") ? "" : "/") + ".well-known/oauth-authorization-server"));
+                HttpClient.Response response = client.connect();
+                if (response.getResponseCode() == 200) {
+                    try (BufferedReader reader = response.getContentReader();
+                         JsonReader jsonReader = Json.createReader(reader)) {
+                        JsonStructure structure = jsonReader.read();
+                        if (structure.getValueType() == JsonValue.ValueType.OBJECT) {
+                            return parseAuthorizationServerMetadataResponse(clientId, clientSecret, apiUrl,
+                                    redirectUri, structure.asJsonObject());
+                        }
+                    }
+                }
+            } catch (IOException | OAuthException e) {
+        apiUrl = apiUrl == null ? OsmApi.getOsmApi().getServerUrl() : apiUrl;
+        switch (apiUrl) {
+            case OSM_API_DEV:
+            case OSM_API_MASTER:
+                // This clientId/clientSecret are provided by taylor.smock. Feel free to change if needed, but
+                // do let one of the maintainers with server access know so that they can update the test OAuth
+                // token.
+                clientId = "-QZt6n1btDfqrfJNGUIMZjzcyqTgIV6sy79_W4kmQLM";
+                // Keep secret for dev apis, just in case we want to test something that needs it.
+                clientSecret = "SWnmRD4AdLO-2-ttHE5TR3eLF2McNf7dh0_Z2WNzJdI";
+                break;
+            case OSM_API_DEFAULT:
+                clientId = "edPII614Lm0_0zEpc_QzEltA9BUll93-Y-ugRQUoHMI";
+                // We don't actually use the client secret in our authorization flow.
+                clientSecret = null;
+                break;
+            case "https://www.openhistoricalmap.org/api":
+                // clientId provided by 1ec5 (Minh Nguyễn)
+                clientId = "Hl5yIhFS-Egj6aY7A35ouLOuZl0EHjj8JJQQ46IO96E";
+                clientSecret = null;
+                break;
+            default:
+                clientId = "";
+                clientSecret = null;
+        }
+        baseUrl = apiUrl;
+        // Check if the server is RFC 8414 compliant
+        try {
+            synchronized (RFC8414_RESPONSES) {
+                final JsonObject data;
+                if (NetworkManager.isOffline(apiUrl)) {
+                    data = null;
+                } else {
+                    data = RFC8414_RESPONSES.computeIfAbsent(apiUrl, OAuthParameters::getRFC8414Parameters);
+                }
+                if (data == null || data.isEmpty()) {
+                    RFC8414_RESPONSES.remove(apiUrl);
+                } else {
+                    return parseAuthorizationServerMetadataResponse(clientId, clientSecret, apiUrl,
+                            redirectUri, data);
+                }
+            }
+        } catch (JosmRuntimeException e) {
+            if (e.getCause() instanceof URISyntaxException || e.getCause() instanceof IOException) {
                 Logging.trace(e);
+            } finally {
+                if (client != null) client.disconnect();
+            }
+        } else {
+            clientId = "edPII614Lm0_0zEpc_QzEltA9BUll93-Y-ugRQUoHMI";
+            // We don't actually use the client secret in our authorization flow.
+            clientSecret = null;
+            baseUrl = "https://www.openstreetmap.org/oauth2";
+            redirectUri = "http://127.0.0.1:8111/oauth_authorization";
+            apiUrl = OsmApi.getOsmApi().getBaseUrl();
+        }
+            } else {
+                throw e;
+            }
+        } catch (OAuthException e) {
+            Logging.trace(e);
+        }
+        // Fall back to guessing the parameters.
         return new OAuth20Parameters(clientId, clientSecret, baseUrl, apiUrl, redirectUri);
+    }
 …
     /**
-     * Get the default OAuth 1.0a parameters
-     * @param apiUrl The api url
-     * @return The default parameters
-     */
-    private static OAuthParameters getDefaultOAuth10Parameters(String apiUrl) {
-        final String consumerKey;
-        final String consumerSecret;
-        final String serverUrl;
-        if (apiUrl != null && !Config.getUrls().getDefaultOsmApiUrl().equals(apiUrl)) {
-            consumerKey = ""; // a custom consumer key is required
-            consumerSecret = ""; // a custom consumer secret is requireds
-            serverUrl = apiUrl.replaceAll("/api$", "");
-        } else {
-            consumerKey = DEFAULT_JOSM_CONSUMER_KEY;
-            consumerSecret = DEFAULT_JOSM_CONSUMER_SECRET;
-            serverUrl = Config.getUrls().getOSMWebsite();
+        }
-        return new OAuthParameters(
-                consumerKey,
-                consumerSecret,
-                serverUrl + "/oauth/request_token",
-                serverUrl + "/oauth/access_token",
-                serverUrl + "/oauth/authorize",
-                serverUrl + "/login",
-                serverUrl + "/logout");
+    }
-    /**
-     * Replies a set of parameters as defined in the preferences.
+     *
-     * @param apiUrl the API URL. Must not be null.
-     * @return the parameters
-     */
-    public static OAuthParameters createFromApiUrl(String apiUrl) {
-        return (OAuthParameters) createFromApiUrl(apiUrl, OAuthVersion.OAuth10a);
+    }
-    /**
      * Replies a set of parameters as defined in the preferences.
+     *
 …
         IOAuthParameters parameters = createDefault(apiUrl, oAuthVersion);
         switch (oAuthVersion) {
-            case OAuth10a:
-                OAuthParameters oauth10aParameters = (OAuthParameters) parameters;
-                return new OAuthParameters(
-                    Config.getPref().get("oauth.settings.consumer-key", oauth10aParameters.getConsumerKey()),
-                    Config.getPref().get("oauth.settings.consumer-secret", oauth10aParameters.getConsumerSecret()),
-                    Config.getPref().get("oauth.settings.request-token-url", oauth10aParameters.getRequestTokenUrl()),
-                    Config.getPref().get("oauth.settings.access-token-url", oauth10aParameters.getAccessTokenUrl()),
-                    Config.getPref().get("oauth.settings.authorise-url", oauth10aParameters.getAuthoriseUrl()),
-                    Config.getPref().get("oauth.settings.osm-login-url", oauth10aParameters.getOsmLoginUrl()),
-                    Config.getPref().get("oauth.settings.osm-logout-url", oauth10aParameters.getOsmLogoutUrl()));
             case OAuth20:
             case OAuth21: // Right now, OAuth 2.1 will work with our OAuth 2.0 implementation
 …
+        }
+    }
-    /**
-     * Remembers the current values in the preferences.
-     */
-    @Override
-    public void rememberPreferences() {
-        Config.getPref().put("oauth.settings.consumer-key", getConsumerKey());
-        Config.getPref().put("oauth.settings.consumer-secret", getConsumerSecret());
-        Config.getPref().put("oauth.settings.request-token-url", getRequestTokenUrl());
-        Config.getPref().put("oauth.settings.access-token-url", getAccessTokenUrl());
-        Config.getPref().put("oauth.settings.authorise-url", getAuthoriseUrl());
-        Config.getPref().put("oauth.settings.osm-login-url", getOsmLoginUrl());
-        Config.getPref().put("oauth.settings.osm-logout-url", getOsmLogoutUrl());
+    }
-    private final String consumerKey;
-    private final String consumerSecret;
-    private final String requestTokenUrl;
-    private final String accessTokenUrl;
-    private final String authoriseUrl;
-    private final String osmLoginUrl;
-    private final String osmLogoutUrl;
-    /**
-     * Constructs a new {@code OAuthParameters}.
-     * @param consumerKey consumer key
-     * @param consumerSecret consumer secret
-     * @param requestTokenUrl request token URL
-     * @param accessTokenUrl access token URL
-     * @param authoriseUrl authorise URL
-     * @param osmLoginUrl the OSM login URL (for automatic mode)
-     * @param osmLogoutUrl the OSM logout URL (for automatic mode)
-     * @see #createDefault
-     * @see #createFromApiUrl
-     * @since 9220
-     */
-    public OAuthParameters(String consumerKey, String consumerSecret,
-                           String requestTokenUrl, String accessTokenUrl, String authoriseUrl, String osmLoginUrl, String osmLogoutUrl) {
-        this.consumerKey = consumerKey;
-        this.consumerSecret = consumerSecret;
-        this.requestTokenUrl = requestTokenUrl;
-        this.accessTokenUrl = accessTokenUrl;
-        this.authoriseUrl = authoriseUrl;
-        this.osmLoginUrl = osmLoginUrl;
-        this.osmLogoutUrl = osmLogoutUrl;
+    }
-    /**
-     * Creates a clone of the parameters in <code>other</code>.
+     *
-     * @param other the other parameters. Must not be null.
-     * @throws IllegalArgumentException if other is null
-     */
-    public OAuthParameters(OAuthParameters other) {
-        CheckParameterUtil.ensureParameterNotNull(other, "other");
-        this.consumerKey = other.consumerKey;
-        this.consumerSecret = other.consumerSecret;
-        this.accessTokenUrl = other.accessTokenUrl;
-        this.requestTokenUrl = other.requestTokenUrl;
-        this.authoriseUrl = other.authoriseUrl;
-        this.osmLoginUrl = other.osmLoginUrl;
-        this.osmLogoutUrl = other.osmLogoutUrl;
+    }
-    /**
-     * Gets the consumer key.
-     * @return The consumer key
-     */
-    public String getConsumerKey() {
-        return consumerKey;
+    }
-    /**
-     * Gets the consumer secret.
-     * @return The consumer secret
-     */
-    public String getConsumerSecret() {
-        return consumerSecret;
+    }
-    /**
-     * Gets the request token URL.
-     * @return The request token URL
-     */
-    public String getRequestTokenUrl() {
-        return requestTokenUrl;
+    }
-    /**
-     * Gets the access token URL.
-     * @return The access token URL
-     */
-    @Override
-    public String getAccessTokenUrl() {
-        return accessTokenUrl;
+    }
-    @Override
-    public String getAuthorizationUrl() {
-        return this.authoriseUrl;
+    }
-    @Override
-    public OAuthVersion getOAuthVersion() {
-        return OAuthVersion.OAuth10a;
+    }
-    @Override
-    public String getClientId() {
-        return this.consumerKey;
+    }
-    @Override
-    public String getClientSecret() {
-        return this.consumerSecret;
+    }
-    /**
-     * Gets the authorise URL.
-     * @return The authorise URL
-     */
-    public String getAuthoriseUrl() {
-        return this.getAuthorizationUrl();
+    }
-    /**
-     * Gets the URL used to login users on the website (for automatic mode).
-     * @return The URL used to login users
-     */
-    public String getOsmLoginUrl() {
-        return osmLoginUrl;
+    }
-    /**
-     * Gets the URL used to logout users on the website (for automatic mode).
-     * @return The URL used to logout users
-     */
-    public String getOsmLogoutUrl() {
-        return osmLogoutUrl;
+    }
-    /**
-     * Builds an {@link OAuthConsumer} based on these parameters.
+     *
-     * @return the consumer
-     */
-    public OAuthConsumer buildConsumer() {
-        return new SignpostAdapters.OAuthConsumer(consumerKey, consumerSecret);
+    }
-    /**
-     * Builds an {@link OAuthProvider} based on these parameters and a OAuth consumer <code>consumer</code>.
+     *
-     * @param consumer the consumer. Must not be null.
-     * @return the provider
-     * @throws IllegalArgumentException if consumer is null
-     */
-    public OAuthProvider buildProvider(OAuthConsumer consumer) {
-        CheckParameterUtil.ensureParameterNotNull(consumer, "consumer");
-        return new SignpostAdapters.OAuthProvider(
-                requestTokenUrl,
-                accessTokenUrl,
-                authoriseUrl
-        );
+    }
-    @Override
-    public boolean equals(Object o) {
-        if (this == o) return true;
-        if (o == null || getClass() != o.getClass()) return false;
-        OAuthParameters that = (OAuthParameters) o;
-        return Objects.equals(consumerKey, that.consumerKey) &&
-                Objects.equals(consumerSecret, that.consumerSecret) &&
-                Objects.equals(requestTokenUrl, that.requestTokenUrl) &&
-                Objects.equals(accessTokenUrl, that.accessTokenUrl) &&
-                Objects.equals(authoriseUrl, that.authoriseUrl) &&
-                Objects.equals(osmLoginUrl, that.osmLoginUrl) &&
-                Objects.equals(osmLogoutUrl, that.osmLogoutUrl);
+    }
-    @Override
-    public int hashCode() {
-        return Objects.hash(consumerKey, consumerSecret, requestTokenUrl, accessTokenUrl, authoriseUrl, osmLoginUrl, osmLogoutUrl);
+    }
+}

trunk/src/org/openstreetmap/josm/data/oauth/OAuthVersion.java

-              r18650
+              r18991
  */
 public enum OAuthVersion {
+    /** <a href="https://oauth.net/core/1.0a/">OAuth 1.0a</a> */
+    /**
+     * <a href="https://oauth.net/core/1.0a/">OAuth 1.0a</a>
+     * @deprecated The OSM API server has deprecated and will remove OAuth 1.0a support in June 2024.
+     */
+    @Deprecated
     OAuth10a,
     /** <a href="https://datatracker.ietf.org/doc/html/rfc6749">OAuth 2.0</a> */

trunk/src/org/openstreetmap/josm/gui/oauth/AbstractAuthorizationUI.java

-              r18650
+              r18991
 import org.openstreetmap.josm.data.oauth.IOAuthParameters;
+import org.openstreetmap.josm.data.oauth.IOAuthToken;
 import org.openstreetmap.josm.data.oauth.OAuthParameters;
-import org.openstreetmap.josm.data.oauth.OAuthToken;
 import org.openstreetmap.josm.data.oauth.OAuthVersion;
 import org.openstreetmap.josm.gui.widgets.VerticallyScrollablePanel;
 …
     private String apiUrl;
+    private final AdvancedOAuthPropertiesPanel pnlAdvancedProperties = new AdvancedOAuthPropertiesPanel(OAuthVersion.OAuth10a);
+    private transient OAuthToken accessToken;
+    /**
+     * Constructs a new {@code AbstractAuthorizationUI} without API URL.
+     * @since 10189
+     */
+    protected AbstractAuthorizationUI() {
+    }
+    private final AdvancedOAuthPropertiesPanel pnlAdvancedProperties;
+    private transient IOAuthToken accessToken;
     /**
      * Constructs a new {@code AbstractAuthorizationUI} for the given API URL.
+     * @param apiUrl The OSM API URL
+     * @since 5422
+     * @param apiUrl The OSM API URL (may be null)
+     * @param oAuthVersion The oauth version to use
+     * @since 18991
      */
+    protected AbstractAuthorizationUI(String apiUrl) {
+        setApiUrl(apiUrl);
+    protected AbstractAuthorizationUI(String apiUrl, OAuthVersion oAuthVersion) {
+        this.pnlAdvancedProperties = new AdvancedOAuthPropertiesPanel(oAuthVersion);
+        if (apiUrl != null) {
+            setApiUrl(apiUrl);
+        }
+    }
     protected void fireAccessTokenChanged(OAuthToken oldValue, OAuthToken newValue) {
+    protected void fireAccessTokenChanged(IOAuthToken oldValue, IOAuthToken newValue) {
         firePropertyChange(ACCESS_TOKEN_PROP, oldValue, newValue);
+    }
 …
      * @return the retrieved Access Token
      */
     public OAuthToken getAccessToken() {
+    public IOAuthToken getAccessToken() {
         return accessToken;
+    }
 …
      * @param accessToken the new access token. null, to clear the current access token
      */
     protected void setAccessToken(OAuthToken accessToken) {
         OAuthToken oldValue = this.accessToken;
+    protected void setAccessToken(IOAuthToken accessToken) {
+        IOAuthToken oldValue = this.accessToken;
         this.accessToken = accessToken;
         if (oldValue == null ^ this.accessToken == null) {
 …
             fireAccessTokenChanged(oldValue, this.accessToken);
+        }
+    }
+    /**
+     * Get the OAuth version for this AuthorizationUI
+     * @return The OAuth version
+     * @since 18991
+     */
+    public OAuthVersion getOAuthVersion() {
+        return this.pnlAdvancedProperties.getAdvancedParameters().getOAuthVersion();
+    }

trunk/src/org/openstreetmap/josm/gui/oauth/AccessTokenInfoPanel.java

-              r14977
+              r18991
 import javax.swing.JPanel;
+import org.openstreetmap.josm.data.oauth.IOAuthToken;
+import org.openstreetmap.josm.data.oauth.OAuth20Token;
 import org.openstreetmap.josm.data.oauth.OAuthAccessTokenHolder;
-import org.openstreetmap.josm.data.oauth.OAuthToken;
 import org.openstreetmap.josm.gui.widgets.JosmTextField;
+import org.openstreetmap.josm.tools.JosmRuntimeException;
 /**
  * Displays the key and the secret of an OAuth Access Token.
  * @since 2746
+ * Displays the key of an OAuth Access Token.
+ * @since 2746 (modified for OAuth 2 in 18991)
  */
 public class AccessTokenInfoPanel extends JPanel {
     private final JosmTextField tfAccessTokenKey = new JosmTextField(null, null, 0, false);
-    private final JosmTextField tfAccessTokenSecret = new JosmTextField(null, null, 0, false);
     private final JCheckBox cbSaveAccessTokenInPreferences = new JCheckBox(tr("Save Access Token in preferences"));
 …
         add(new JLabel(tr("Access Token Secret:")), gc);
-        gc.gridx = 1;
         gc.weightx = 1.0;
-        add(tfAccessTokenSecret, gc);
-        tfAccessTokenSecret.setEditable(false);
         // the checkbox
         gc.gridx = 0;
 …
      * @param token the access  token. If null, the content in the info panel is cleared
      */
     public void setAccessToken(OAuthToken token) {
+    public void setAccessToken(IOAuthToken token) {
         if (token == null) {
             tfAccessTokenKey.setText("");
-            tfAccessTokenSecret.setText("");
             return;
+        }
+        tfAccessTokenKey.setText(token.getKey());
+        tfAccessTokenSecret.setText(token.getSecret());
+        if (token instanceof OAuth20Token) {
+            tfAccessTokenKey.setText(((OAuth20Token) token).getBearerToken());
+        } else {
+            throw new JosmRuntimeException("Unknown token type: " + token.getClass());
+        }
+    }

trunk/src/org/openstreetmap/josm/gui/oauth/AdvancedOAuthPropertiesPanel.java

-              r18650
+              r18991
 import org.openstreetmap.josm.gui.HelpAwareOptionPane;
 import org.openstreetmap.josm.gui.HelpAwareOptionPane.ButtonSpec;
+import org.openstreetmap.josm.gui.MainApplication;
 import org.openstreetmap.josm.gui.help.HelpUtil;
+import org.openstreetmap.josm.gui.util.GuiHelper;
 import org.openstreetmap.josm.gui.widgets.JosmTextField;
 import org.openstreetmap.josm.gui.widgets.SelectAllOnFocusGainedDecorator;
 …
     private final JosmTextField tfAccessTokenURL = new JosmTextField();
     private final JosmTextField tfAuthoriseURL = new JosmTextField();
-    private final JosmTextField tfOsmLoginURL = new JosmTextField();
-    private final JosmTextField tfOsmLogoutURL = new JosmTextField();
     private final OAuthVersion oauthVersion;
     private transient UseDefaultItemListener ilUseDefault;
 …
         gc.weightx = 0.0;
         gc.gridwidth = 1;
+        if (this.oauthVersion == OAuthVersion.OAuth10a) {
+            add(new JLabel(tr("Consumer Key:")), gc);
+        } else {
+            add(new JLabel(tr("Client ID:")), gc);
+        }
+        add(new JLabel(tr("Client ID:")), gc);
         gc.gridx = 1;
 …
         gc.gridx = 0;
         gc.weightx = 0.0;
+        if (this.oauthVersion == OAuthVersion.OAuth10a) {
+            add(new JLabel(tr("Consumer Secret:")), gc);
+        } else {
+            add(new JLabel(tr("Client Secret:")), gc);
+        }
+        add(new JLabel(tr("Client Secret:")), gc);
         gc.gridx = 1;
 …
         gc.gridx = 0;
         gc.weightx = 0.0;
+        if (this.oauthVersion == OAuthVersion.OAuth10a) {
+            add(new JLabel(tr("Request Token URL:")), gc);
+        } else {
+            add(new JLabel(tr("Redirect URL:")), gc);
+        }
+        add(new JLabel(tr("Redirect URL:")), gc);
         gc.gridx = 1;
 …
         SelectAllOnFocusGainedDecorator.decorate(tfAuthoriseURL);
-        if (this.oauthVersion == OAuthVersion.OAuth10a) {
-            // -- OSM login URL
-            gc.gridy++;
-            gc.gridx = 0;
-            gc.weightx = 0.0;
-            add(new JLabel(tr("OSM login URL:")), gc);
-            gc.gridx = 1;
-            gc.weightx = 1.0;
-            add(tfOsmLoginURL, gc);
-            SelectAllOnFocusGainedDecorator.decorate(tfOsmLoginURL);
-            // -- OSM logout URL
-            gc.gridy++;
-            gc.gridx = 0;
-            gc.weightx = 0.0;
-            add(new JLabel(tr("OSM logout URL:")), gc);
-            gc.gridx = 1;
-            gc.weightx = 1.0;
-            add(tfOsmLogoutURL, gc);
-            SelectAllOnFocusGainedDecorator.decorate(tfOsmLogoutURL);
+        }
         ilUseDefault = new UseDefaultItemListener();
         cbUseDefaults.addItemListener(ilUseDefault);
+        cbUseDefaults.setSelected(Config.getPref().getBoolean("oauth.settings.use-default", true));
+    }
     protected boolean hasCustomSettings() {
         OAuthParameters params = OAuthParameters.createDefault(apiUrl);
+        IOAuthParameters params = OAuthParameters.createDefault(apiUrl, OAuthVersion.OAuth20);
         return !params.equals(getAdvancedParameters());
+    }
 …
     protected void resetToDefaultSettings() {
-        cbUseDefaults.setSelected(true);
         IOAuthParameters iParams = OAuthParameters.createDefault(apiUrl, this.oauthVersion);
+        switch (this.oauthVersion) {
+            case OAuth10a:
+                OAuthParameters params = (OAuthParameters) iParams;
+                tfConsumerKey.setText(params.getConsumerKey());
+                tfConsumerSecret.setText(params.getConsumerSecret());
+                tfRequestTokenURL.setText(params.getRequestTokenUrl());
+                tfAccessTokenURL.setText(params.getAccessTokenUrl());
+                tfAuthoriseURL.setText(params.getAuthoriseUrl());
+                tfOsmLoginURL.setText(params.getOsmLoginUrl());
+                tfOsmLogoutURL.setText(params.getOsmLogoutUrl());
+                break;
+            case OAuth20:
+            case OAuth21:
+                OAuth20Parameters params20 = (OAuth20Parameters) iParams;
+                tfConsumerKey.setText(params20.getClientId());
+                tfConsumerSecret.setText(params20.getClientSecret());
+                tfAccessTokenURL.setText(params20.getAccessTokenUrl());
+                tfAuthoriseURL.setText(params20.getAuthorizationUrl());
+                tfRequestTokenURL.setText(params20.getRedirectUri());
+        }
+        setChildComponentsEnabled(false);
+        GuiHelper.runInEDTAndWaitWithException(() -> {
+                    cbUseDefaults.setSelected(true);
+                    switch (this.oauthVersion) {
+                        case OAuth20:
+                        case OAuth21:
+                            OAuth20Parameters params20 = (OAuth20Parameters) iParams;
+                            tfConsumerKey.setText(params20.getClientId());
+                            tfConsumerSecret.setText(params20.getClientSecret());
+                            tfAccessTokenURL.setText(params20.getAccessTokenUrl());
+                            tfAuthoriseURL.setText(params20.getAuthorizationUrl());
+                            tfRequestTokenURL.setText(params20.getRedirectUri());
+                            break;
+                        default:
+                            throw new UnsupportedOperationException("Unsupported OAuth version: " + this.oauthVersion);
+                    }
+                    setChildComponentsEnabled(false);
+                });
+    }
 …
         if (cbUseDefaults.isSelected())
             return OAuthParameters.createDefault(apiUrl, this.oauthVersion);
-        if (this.oauthVersion == OAuthVersion.OAuth10a) {
-            return new OAuthParameters(
-                    tfConsumerKey.getText(),
-                    tfConsumerSecret.getText(),
-                    tfRequestTokenURL.getText(),
-                    tfAccessTokenURL.getText(),
-                    tfAuthoriseURL.getText(),
-                    tfOsmLoginURL.getText(),
-                    tfOsmLogoutURL.getText());
+        }
         return new OAuth20Parameters(
                 tfConsumerKey.getText(),
 …
             cbUseDefaults.setSelected(false);
             setChildComponentsEnabled(true);
+            if (parameters instanceof OAuthParameters) {
+                OAuthParameters parameters10 = (OAuthParameters) parameters;
+                tfConsumerKey.setText(parameters10.getConsumerKey() == null ? "" : parameters10.getConsumerKey());
+                tfConsumerSecret.setText(parameters10.getConsumerSecret() == null ? "" : parameters10.getConsumerSecret());
+                tfRequestTokenURL.setText(parameters10.getRequestTokenUrl() == null ? "" : parameters10.getRequestTokenUrl());
+                tfAccessTokenURL.setText(parameters10.getAccessTokenUrl() == null ? "" : parameters10.getAccessTokenUrl());
+                tfAuthoriseURL.setText(parameters10.getAuthoriseUrl() == null ? "" : parameters10.getAuthoriseUrl());
+                tfOsmLoginURL.setText(parameters10.getOsmLoginUrl() == null ? "" : parameters10.getOsmLoginUrl());
+                tfOsmLogoutURL.setText(parameters10.getOsmLogoutUrl() == null ? "" : parameters10.getOsmLogoutUrl());
+            } else if (parameters instanceof OAuth20Parameters) {
+            if (parameters instanceof OAuth20Parameters) {
                 OAuth20Parameters parameters20 = (OAuth20Parameters) parameters;
                 tfConsumerKey.setText(parameters20.getClientId());
 …
         boolean useDefault = Config.getPref().getBoolean("oauth.settings.use-default", true);
         ilUseDefault.setEnabled(false);
+        if (useDefault) {
+            resetToDefaultSettings();
+        } else {
+            setAdvancedParameters(OAuthParameters.createFromApiUrl(paramApiUrl));
+        }
+        ilUseDefault.setEnabled(true);
+        MainApplication.worker.execute(() -> {
+            if (useDefault) {
+                this.resetToDefaultSettings();
+            } else {
+                setAdvancedParameters(OAuthParameters.createFromApiUrl(paramApiUrl, OAuthVersion.OAuth20));
+            }
+            GuiHelper.runInEDT(() -> ilUseDefault.setEnabled(true));
+        });
+    }
 …
         Config.getPref().putBoolean("oauth.settings.use-default", cbUseDefaults.isSelected());
         if (cbUseDefaults.isSelected()) {
             new OAuthParameters(null, null, null, null, null, null, null).rememberPreferences();
+            MainApplication.worker.execute(() -> OAuthParameters.createDefault().rememberPreferences());
         } else {
             getAdvancedParameters().rememberPreferences();
 …
                     return;
+                }
                 resetToDefaultSettings();
+                MainApplication.worker.execute(AdvancedOAuthPropertiesPanel.this::resetToDefaultSettings);
                 break;
             case ItemEvent.DESELECTED:
 …
         this.apiUrl = apiUrl;
         if (cbUseDefaults.isSelected()) {
             resetToDefaultSettings();
+            MainApplication.worker.execute(this::resetToDefaultSettings);
+        }
+    }

trunk/src/org/openstreetmap/josm/gui/oauth/FullyAutomaticAuthorizationUI.java

-              r18650
+              r18991
 import java.awt.event.ActionEvent;
 import java.io.IOException;
-import java.net.Authenticator.RequestorType;
-import java.net.PasswordAuthentication;
 import java.util.concurrent.Executor;
 …
 import javax.swing.JPanel;
 import javax.swing.JTabbedPane;
-import javax.swing.event.DocumentEvent;
-import javax.swing.event.DocumentListener;
-import javax.swing.text.JTextComponent;
 import javax.swing.text.html.HTMLEditorKit;
 import org.openstreetmap.josm.data.oauth.OAuthParameters;
 import org.openstreetmap.josm.data.oauth.OAuthToken;
+import org.openstreetmap.josm.data.oauth.IOAuthToken;
+import org.openstreetmap.josm.data.oauth.OAuthVersion;
 import org.openstreetmap.josm.gui.HelpAwareOptionPane;
 import org.openstreetmap.josm.gui.PleaseWaitRunnable;
 import org.openstreetmap.josm.gui.help.HelpUtil;
-import org.openstreetmap.josm.gui.preferences.server.UserNameValidator;
 import org.openstreetmap.josm.gui.util.GuiHelper;
-import org.openstreetmap.josm.gui.widgets.DefaultTextComponentValidator;
 import org.openstreetmap.josm.gui.widgets.HtmlPanel;
 import org.openstreetmap.josm.gui.widgets.JMultilineLabel;
-import org.openstreetmap.josm.gui.widgets.JosmPasswordField;
-import org.openstreetmap.josm.gui.widgets.JosmTextField;
-import org.openstreetmap.josm.gui.widgets.SelectAllOnFocusGainedDecorator;
 import org.openstreetmap.josm.gui.widgets.VerticallyScrollablePanel;
-import org.openstreetmap.josm.io.OsmApi;
 import org.openstreetmap.josm.io.OsmTransferException;
-import org.openstreetmap.josm.io.auth.CredentialsAgent;
-import org.openstreetmap.josm.io.auth.CredentialsAgentException;
-import org.openstreetmap.josm.io.auth.CredentialsManager;
 import org.openstreetmap.josm.tools.ImageProvider;
 import org.openstreetmap.josm.tools.Logging;
-import org.openstreetmap.josm.tools.Utils;
 import org.xml.sax.SAXException;
 /**
  * This is an UI which supports a JOSM user to get an OAuth Access Token in a fully
+ * This is a UI which supports a JOSM user to get an OAuth Access Token in a fully
  * automatic process.
+ *
 …
  */
 public class FullyAutomaticAuthorizationUI extends AbstractAuthorizationUI {
-    private final JosmTextField tfUserName = new JosmTextField();
-    private final JosmPasswordField tfPassword = new JosmPasswordField();
-    private transient UserNameValidator valUserName;
-    private transient PasswordValidator valPassword;
     private final AccessTokenInfoPanel pnlAccessTokenInfo = new AccessTokenInfoPanel();
     private OsmPrivilegesPanel pnlOsmPrivileges;
 …
                 + tr("Please enter your OSM user name and password. The password will <strong>not</strong> be saved "
                         + "in clear text in the JOSM preferences and it will be submitted to the OSM server <strong>only once</strong>. "
                         + "Subsequent data upload requests don''t use your password any more.").replaceAll("\\. ", ".<br>")
+                        + "Subsequent data upload requests don''t use your password any more.").replace(". ", ".<br>")
                         + "</p>"
                         + "</body></html>");
 …
         pnl.add(new JLabel(tr("Username: ")), gc);
-        gc.gridx = 1;
-        gc.weightx = 1.0;
-        pnl.add(tfUserName, gc);
-        SelectAllOnFocusGainedDecorator.decorate(tfUserName);
-        valUserName = new UserNameValidator(tfUserName);
-        valUserName.validate();
         // the password input field
         gc.anchor = GridBagConstraints.NORTHWEST;
 …
         pnl.add(new JLabel(tr("Password:")), gc);
+        // filler - grab remaining space
         gc.gridx = 1;
-        gc.weightx = 1.0;
-        pnl.add(tfPassword, gc);
-        SelectAllOnFocusGainedDecorator.decorate(tfPassword);
-        valPassword = new PasswordValidator(tfPassword);
-        valPassword.validate();
-        // filler - grab remaining space
         gc.gridy = 4;
         gc.gridwidth = 2;
 …
     /**
-     * Initializes the panel with values from the preferences
-     * @param paramApiUrl the API URL
-     */
-    @Override
-    public void initialize(String paramApiUrl) {
-        super.initialize(paramApiUrl);
-        CredentialsAgent cm = CredentialsManager.getInstance();
-        try {
-            PasswordAuthentication pa = cm.lookup(RequestorType.SERVER, OsmApi.getOsmApi().getHost());
-            if (pa == null) {
-                tfUserName.setText("");
-                tfPassword.setText("");
-            } else {
-                tfUserName.setText(pa.getUserName() == null ? "" : pa.getUserName());
-                tfPassword.setText(pa.getPassword() == null ? "" : String.valueOf(pa.getPassword()));
+            }
-        } catch (CredentialsAgentException e) {
-            Logging.error(e);
-            tfUserName.setText("");
-            tfPassword.setText("");
+        }
+    }
-    /**
      * Builds the panel with the action button  for starting the authorisation
+     *
 …
         RunAuthorisationAction runAuthorisationAction = new RunAuthorisationAction();
-        tfPassword.getDocument().addDocumentListener(runAuthorisationAction);
-        tfUserName.getDocument().addDocumentListener(runAuthorisationAction);
         pnl.add(new JButton(runAuthorisationAction));
         return pnl;
 …
+    }
-    protected String getOsmUserName() {
-        return tfUserName.getText();
+    }
-    protected String getOsmPassword() {
-        return String.valueOf(tfPassword.getPassword());
+    }
     /**
      * Constructs a new {@code FullyAutomaticAuthorizationUI} for the given API URL.
 …
      * @param executor the executor used for running the HTTP requests for the authorization
      * @since 5422
+     */
+     * @deprecated since 18991
+     */
+    @Deprecated
     public FullyAutomaticAuthorizationUI(String apiUrl, Executor executor) {
+        super(apiUrl);
+        this(apiUrl, executor, OAuthVersion.OAuth10a);
+    }
+    /**
+     * Constructs a new {@code FullyAutomaticAuthorizationUI} for the given API URL.
+     * @param apiUrl The OSM API URL
+     * @param executor the executor used for running the HTTP requests for the authorization
+     * @param oAuthVersion The OAuth version to use for this UI
+     * @since 18991
+     */
+    public FullyAutomaticAuthorizationUI(String apiUrl, Executor executor, OAuthVersion oAuthVersion) {
+        super(apiUrl, oAuthVersion);
         this.executor = executor;
         build();
 …
     @Override
     protected void setAccessToken(OAuthToken accessToken) {
+    protected void setAccessToken(IOAuthToken accessToken) {
         super.setAccessToken(accessToken);
         pnlAccessTokenInfo.setAccessToken(accessToken);
 …
      * Starts the authorisation process
      */
     class RunAuthorisationAction extends AbstractAction implements DocumentListener {
+    class RunAuthorisationAction extends AbstractAction {
         RunAuthorisationAction() {
             putValue(NAME, tr("Authorize now"));
             new ImageProvider("oauth", "oauth-small").getResource().attachImageIcon(this);
             putValue(SHORT_DESCRIPTION, tr("Click to redirect you to the authorization form on the JOSM web site"));
-            updateEnabledState();
+        }
 …
         public void actionPerformed(ActionEvent evt) {
             executor.execute(new FullyAutomaticAuthorisationTask(FullyAutomaticAuthorizationUI.this));
+        }
-        protected final void updateEnabledState() {
-            setEnabled(valPassword.isValid() && valUserName.isValid());
+        }
-        @Override
-        public void changedUpdate(DocumentEvent e) {
-            updateEnabledState();
+        }
-        @Override
-        public void insertUpdate(DocumentEvent e) {
-            updateEnabledState();
+        }
-        @Override
-        public void removeUpdate(DocumentEvent e) {
-            updateEnabledState();
+        }
+    }
 …
                     FullyAutomaticAuthorizationUI.this,
                     getApiUrl(),
-                    (OAuthParameters) getAdvancedPropertiesPanel().getAdvancedParameters(),
                     getAccessToken()
             ));
+        }
+    }
-    static class PasswordValidator extends DefaultTextComponentValidator {
-        PasswordValidator(JTextComponent tc) {
-            super(tc, tr("Please enter your OSM password"), tr("The password cannot be empty. Please enter your OSM password"));
+        }
+    }
 …
                             + "Please check your advanced setting and try again."
                             + "</html>",
                             ((OAuthParameters) getAdvancedPropertiesPanel().getAdvancedParameters()).getAuthoriseUrl()),
+                            getAdvancedPropertiesPanel().getAdvancedParameters().getAuthorizationUrl()),
                     tr("OAuth authorization failed"),
                     JOptionPane.ERROR_MESSAGE,
 …
+        }
-        protected void alertLoginFailed() {
-            final String loginUrl = ((OAuthParameters) getAdvancedPropertiesPanel().getAdvancedParameters()).getOsmLoginUrl();
-            HelpAwareOptionPane.showOptionDialog(
-                    FullyAutomaticAuthorizationUI.this,
-                    tr("<html>"
-                            + "The automatic process for retrieving an OAuth Access Token<br>"
-                            + "from the OSM server failed. JOSM failed to log into {0}<br>"
-                            + "for user {1}.<br><br>"
-                            + "Please check username and password and try again."
-                            +"</html>",
-                            loginUrl,
-                            Utils.escapeReservedCharactersHTML(getOsmUserName())),
-                    tr("OAuth authorization failed"),
-                    JOptionPane.ERROR_MESSAGE,
-                    HelpUtil.ht("/Dialog/OAuthAuthorisationWizard#FullyAutomaticProcessFailed")
-            );
+        }
         protected void handleException(final OsmOAuthAuthorizationException e) {
+            Runnable r = () -> {
+                if (e instanceof OsmLoginFailedException) {
+                    alertLoginFailed();
+                } else {
+                    alertAuthorisationFailed();
+            Logging.error(e);
+            GuiHelper.runInEDT(this::alertAuthorisationFailed);
+        }
+        @Override
+        protected void realRun() throws SAXException, IOException, OsmTransferException {
+            getProgressMonitor().setTicksCount(2);
+            OAuthAuthorizationWizard.authorize(true, token -> {
+                if (!canceled) {
+                    getProgressMonitor().worked(1);
+                    GuiHelper.runInEDT(() -> {
+                        prepareUIForResultDisplay();
+                        setAccessToken(token.orElse(null));
+                    });
+                }
+            };
+            Logging.error(e);
+            GuiHelper.runInEDT(r);
+        }
+        @Override
+        protected void realRun() throws SAXException, IOException, OsmTransferException {
+            try {
+                getProgressMonitor().setTicksCount(3);
+                OsmOAuthAuthorizationClient authClient = new OsmOAuthAuthorizationClient(
+                        (OAuthParameters) getAdvancedPropertiesPanel().getAdvancedParameters()
+                );
+                OAuthToken requestToken = authClient.getRequestToken(
+                        getProgressMonitor().createSubTaskMonitor(1, false)
+                );
+                getProgressMonitor().worked(1);
+                if (canceled) return;
+                authClient.authorise(
+                        requestToken,
+                        getOsmUserName(),
+                        getOsmPassword(),
+                        pnlOsmPrivileges.getPrivileges(),
+                        getProgressMonitor().createSubTaskMonitor(1, false)
+                );
+                getProgressMonitor().worked(1);
+                if (canceled) return;
+                final OAuthToken accessToken = authClient.getAccessToken(
+                        getProgressMonitor().createSubTaskMonitor(1, false)
+                );
+                getProgressMonitor().worked(1);
+                if (canceled) return;
+                GuiHelper.runInEDT(() -> {
+                    prepareUIForResultDisplay();
+                    setAccessToken(accessToken);
+                });
+            } catch (final OsmOAuthAuthorizationException e) {
+                handleException(e);
+            }
+            }, getApiUrl(), getOAuthVersion());
+            getProgressMonitor().worked(1);
+        }
+    }

trunk/src/org/openstreetmap/josm/gui/oauth/ManualAuthorizationUI.java

-              r18650
+              r18991
 import javax.swing.text.JTextComponent;
+import org.openstreetmap.josm.data.oauth.OAuth20Exception;
+import org.openstreetmap.josm.data.oauth.OAuth20Token;
 import org.openstreetmap.josm.data.oauth.OAuthAccessTokenHolder;
+import org.openstreetmap.josm.data.oauth.OAuthParameters;
+import org.openstreetmap.josm.data.oauth.OAuthToken;
+import org.openstreetmap.josm.data.oauth.OAuthVersion;
 import org.openstreetmap.josm.gui.widgets.DefaultTextComponentValidator;
 import org.openstreetmap.josm.gui.widgets.HtmlPanel;
 …
 import org.openstreetmap.josm.gui.widgets.SelectAllOnFocusGainedDecorator;
 import org.openstreetmap.josm.tools.ImageProvider;
+import org.openstreetmap.josm.tools.JosmRuntimeException;
 /**
 …
     private final JosmTextField tfAccessTokenKey = new JosmTextField();
     private transient AccessTokenKeyValidator valAccessTokenKey;
-    private final JosmTextField tfAccessTokenSecret = new JosmTextField();
-    private transient AccessTokenSecretValidator valAccessTokenSecret;
     private final JCheckBox cbSaveToPreferences = new JCheckBox(tr("Save Access Token in preferences"));
     private final HtmlPanel pnlMessage = new HtmlPanel();
 …
      * @param executor the executor used for running the HTTP requests for the authorization
      * @since 5422
+     * @deprecated since 18991, use {@link ManualAuthorizationUI#ManualAuthorizationUI(String, Executor, OAuthVersion)}
+     * instead.
      */
+    @Deprecated
     public ManualAuthorizationUI(String apiUrl, Executor executor) {
+        super(/* dont pass apiURL because setApiUrl is overridden and references a local field */);
+        this(apiUrl, executor, OAuthVersion.OAuth10a);
+    }
+    /**
+     * Constructs a new {@code ManualAuthorizationUI} for the given API URL.
+     * @param apiUrl The OSM API URL
+     * @param executor the executor used for running the HTTP requests for the authorization
+     * @param oAuthVersion The OAuthVersion to use for this UI
+     * @since 18991
+     */
+    public ManualAuthorizationUI(String apiUrl, Executor executor, OAuthVersion oAuthVersion) {
+        super(null /* don't pass apiURL because setApiUrl is overridden and references a local field */,
+                oAuthVersion);
         setApiUrl(apiUrl);
         this.executor = executor;
 …
         tfAccessTokenKey.getDocument().addDocumentListener(accessTokenBuilder);
-        // the access token key input field
-        gc.gridy = 2;
-        gc.gridx = 0;
-        gc.weightx = 0.0;
-        pnl.add(new JLabel(tr("Access Token Secret:")), gc);
-        gc.gridx = 1;
-        gc.weightx = 1.0;
-        pnl.add(tfAccessTokenSecret, gc);
-        SelectAllOnFocusGainedDecorator.decorate(tfAccessTokenSecret);
-        valAccessTokenSecret = new AccessTokenSecretValidator(tfAccessTokenSecret);
-        valAccessTokenSecret.validate();
-        tfAccessTokenSecret.getDocument().addDocumentListener(accessTokenBuilder);
         // the checkbox for saving to preferences
         gc.gridy = 3;
 …
+    }
-    private static class AccessTokenSecretValidator extends DefaultTextComponentValidator {
-        AccessTokenSecretValidator(JTextComponent tc) {
-            super(tc, tr("Please enter an Access Token Secret"),
-                      tr("The Access Token Secret must not be empty. Please enter an Access Token Secret"));
+        }
+    }
     class AccessTokenBuilder implements DocumentListener {
         public void build() {
             if (!valAccessTokenKey.isValid() || !valAccessTokenSecret.isValid()) {
+            if (!valAccessTokenKey.isValid()) {
                 setAccessToken(null);
             } else {
+                setAccessToken(new OAuthToken(tfAccessTokenKey.getText().trim(), tfAccessTokenSecret.getText().trim()));
+                try {
+                    setAccessToken(new OAuth20Token(getOAuthParameters(), "{\"token_type\":\"bearer\", \"access_token\""
+                            + tfAccessTokenKey.getText().trim() + "\"}"));
+                } catch (OAuth20Exception e) {
+                    throw new JosmRuntimeException(e);
+                }
+            }
+        }
 …
                     ManualAuthorizationUI.this,
                     getApiUrl(),
-                    (OAuthParameters) getAdvancedPropertiesPanel().getAdvancedParameters(),
                     getAccessToken()
             );

trunk/src/org/openstreetmap/josm/gui/oauth/OAuthAuthorizationWizard.java

-              r18650
+              r18991
 import java.net.URL;
 import java.util.Objects;
+import java.util.Optional;
 import java.util.concurrent.Executor;
 import java.util.concurrent.FutureTask;
+import java.util.function.Consumer;
 import javax.swing.AbstractAction;
 …
 import javax.swing.JButton;
 import javax.swing.JDialog;
+import javax.swing.JOptionPane;
 import javax.swing.JPanel;
 import javax.swing.JScrollPane;
 …
 import javax.swing.text.html.HTMLEditorKit;
+import org.openstreetmap.josm.data.oauth.IOAuthParameters;
+import org.openstreetmap.josm.data.oauth.IOAuthToken;
+import org.openstreetmap.josm.data.oauth.OAuth20Authorization;
 import org.openstreetmap.josm.data.oauth.OAuthAccessTokenHolder;
 import org.openstreetmap.josm.data.oauth.OAuthParameters;
+import org.openstreetmap.josm.data.oauth.OAuthToken;
+import org.openstreetmap.josm.data.oauth.OAuthVersion;
+import org.openstreetmap.josm.data.oauth.osm.OsmScopes;
 import org.openstreetmap.josm.gui.MainApplication;
 import org.openstreetmap.josm.gui.help.ContextSensitiveHelpAction;
 …
 import org.openstreetmap.josm.gui.widgets.HtmlPanel;
 import org.openstreetmap.josm.gui.widgets.JMultilineLabel;
+import org.openstreetmap.josm.io.auth.CredentialsManager;
+import org.openstreetmap.josm.io.remotecontrol.RemoteControl;
 import org.openstreetmap.josm.spi.preferences.Config;
 import org.openstreetmap.josm.tools.GBC;
 …
     private final AuthorizationProcedure procedure;
     private final String apiUrl;
+    private final OAuthVersion oAuthVersion;
     private FullyAutomaticAuthorizationUI pnlFullyAutomaticAuthorisationUI;
-    private SemiAutomaticAuthorizationUI pnlSemiAutomaticAuthorisationUI;
     private ManualAuthorizationUI pnlManualAuthorisationUI;
     private JScrollPane spAuthorisationProcedureUI;
 …
     /**
      * Launches the wizard, {@link OAuthAccessTokenHolder#setAccessToken(OAuthToken) sets the token}
+     * Launches the wizard, {@link OAuthAccessTokenHolder#setAccessToken(String, IOAuthToken)} sets the token
      * and {@link OAuthAccessTokenHolder#setSaveToPreferences(boolean) saves to preferences}.
+     * @param callback Callback to run when authorization is finished
      * @throws UserCancelException if user cancels the operation
      */
+    public void showDialog() throws UserCancelException {
+        setVisible(true);
+        if (isCanceled()) {
+            throw new UserCancelException();
+    public void showDialog(Consumer<Optional<IOAuthToken>> callback) throws UserCancelException {
+        if ((this.oAuthVersion == OAuthVersion.OAuth20 || this.oAuthVersion == OAuthVersion.OAuth21)
+        && this.procedure == AuthorizationProcedure.FULLY_AUTOMATIC) {
+            authorize(true, callback, this.apiUrl, this.oAuthVersion);
+        } else {
+            setVisible(true);
+            if (isCanceled()) {
+                throw new UserCancelException();
+            }
+        }
         OAuthAccessTokenHolder holder = OAuthAccessTokenHolder.getInstance();
         holder.setAccessToken(getAccessToken());
+        holder.setAccessToken(apiUrl, getAccessToken());
         holder.setSaveToPreferences(isSaveAccessTokenToPreferences());
+    }
+    /**
+     * Perform the oauth dance
+     * @param startRemoteControl {@code true} to start remote control if it is not already running
+     * @param callback The callback to use to notify that the OAuth dance succeeded
+     * @param apiUrl The API URL to get the token for
+     * @param oAuthVersion The OAuth version that the authorization dance is force
+     */
+    static void authorize(boolean startRemoteControl, Consumer<Optional<IOAuthToken>> callback, String apiUrl, OAuthVersion oAuthVersion) {
+        final boolean remoteControlIsRunning = Boolean.TRUE.equals(RemoteControl.PROP_REMOTECONTROL_ENABLED.get());
+        // TODO: Ask user if they want to start remote control?
+        if (!remoteControlIsRunning && startRemoteControl) {
+            RemoteControl.start();
+        }
+        new OAuth20Authorization().authorize(OAuthParameters.createDefault(apiUrl, oAuthVersion), token -> {
+                    if (!remoteControlIsRunning) {
+                        RemoteControl.stop();
+                    }
+                    OAuthAccessTokenHolder.getInstance().setAccessToken(apiUrl, token.orElse(null));
+                    OAuthAccessTokenHolder.getInstance().save(CredentialsManager.getInstance());
+                    if (!token.isPresent()) {
+                        GuiHelper.runInEDT(() -> JOptionPane.showMessageDialog(MainApplication.getMainPanel(),
+                                tr("Authentication failed, please check browser for details."),
+                                tr("OAuth Authentication Failed"),
+                                JOptionPane.ERROR_MESSAGE));
+                    }
+                    if (callback != null) {
+                        callback.accept(token);
+                    }
+                }, OsmScopes.read_gpx, OsmScopes.write_gpx,
+                OsmScopes.read_prefs, OsmScopes.write_prefs,
+                OsmScopes.write_api, OsmScopes.write_notes);
+    }
 …
         AcceptAccessTokenAction actAcceptAccessToken = new AcceptAccessTokenAction();
         pnlFullyAutomaticAuthorisationUI.addPropertyChangeListener(actAcceptAccessToken);
-        pnlSemiAutomaticAuthorisationUI.addPropertyChangeListener(actAcceptAccessToken);
         pnlManualAuthorisationUI.addPropertyChangeListener(actAcceptAccessToken);
 …
             pnlFullyAutomaticAuthorisationUI.revalidate();
             break;
-        case SEMI_AUTOMATIC:
-            spAuthorisationProcedureUI.getViewport().setView(pnlSemiAutomaticAuthorisationUI);
-            pnlSemiAutomaticAuthorisationUI.revalidate();
-            break;
         case MANUALLY:
             spAuthorisationProcedureUI.getViewport().setView(pnlManualAuthorisationUI);
             pnlManualAuthorisationUI.revalidate();
             break;
+        default:
+            throw new UnsupportedOperationException("Unsupported auth type: " + procedure);
+        }
         validate();
 …
         this.setMinimumSize(new Dimension(500, 300));
+        pnlFullyAutomaticAuthorisationUI = new FullyAutomaticAuthorizationUI(apiUrl, executor);
+        pnlSemiAutomaticAuthorisationUI = new SemiAutomaticAuthorizationUI(apiUrl, executor);
+        pnlManualAuthorisationUI = new ManualAuthorizationUI(apiUrl, executor);
+        pnlFullyAutomaticAuthorisationUI = new FullyAutomaticAuthorizationUI(apiUrl, executor, oAuthVersion);
+        pnlManualAuthorisationUI = new ManualAuthorizationUI(apiUrl, executor, oAuthVersion);
         spAuthorisationProcedureUI = GuiHelper.embedInVerticalScrollPane(new JPanel());
 …
      * @param apiUrl the API URL. Must not be null.
      * @param executor the executor used for running the HTTP requests for the authorization
+     * @param oAuthVersion The OAuth version this wizard is for
      * @throws IllegalArgumentException if apiUrl is null
      */
+    public OAuthAuthorizationWizard(Component parent, AuthorizationProcedure procedure, String apiUrl, Executor executor) {
+    public OAuthAuthorizationWizard(Component parent, AuthorizationProcedure procedure, String apiUrl,
+                                    Executor executor, OAuthVersion oAuthVersion) {
         super(GuiHelper.getFrameForComponent(parent), ModalityType.DOCUMENT_MODAL);
         this.procedure = Objects.requireNonNull(procedure, "procedure");
         this.apiUrl = Objects.requireNonNull(apiUrl, "apiUrl");
         this.executor = executor;
+        this.oAuthVersion = oAuthVersion;
         build();
+    }
 …
         case FULLY_AUTOMATIC: return pnlFullyAutomaticAuthorisationUI;
         case MANUALLY: return pnlManualAuthorisationUI;
-        case SEMI_AUTOMATIC: return pnlSemiAutomaticAuthorisationUI;
         default: return null;
+        }
 …
      * @return the access token. May be null if the wizard was canceled.
      */
     public OAuthToken getAccessToken() {
+    public IOAuthToken getAccessToken() {
         return getCurrentAuthorisationUI().getAccessToken();
+    }
 …
      * @return the current OAuth parameters.
      */
     public OAuthParameters getOAuthParameters() {
         return (OAuthParameters) getCurrentAuthorisationUI().getOAuthParameters();
+    public IOAuthParameters getOAuthParameters() {
+        return getCurrentAuthorisationUI().getOAuthParameters();
+    }
 …
     public void initFromPreferences() {
         pnlFullyAutomaticAuthorisationUI.initialize(apiUrl);
-        pnlSemiAutomaticAuthorisationUI.initialize(apiUrl);
         pnlManualAuthorisationUI.initialize(apiUrl);
+    }
 …
                     MainApplication.getMainFrame(),
                     AuthorizationProcedure.FULLY_AUTOMATIC,
+                    serverUrl.toExternalForm(), Utils.newDirectExecutor());
+            wizard.showDialog();
+                    serverUrl.toString(), Utils.newDirectExecutor(),
+                    OAuthVersion.OAuth20);
+            wizard.showDialog(null);
             return wizard;
         });
 …
+        }
+        public final void updateEnabledState(OAuthToken token) {
+        /**
+         * Update the enabled state
+         * @param token The token to use
+         * @since 18991
+         */
+        public final void updateEnabledState(IOAuthToken token) {
             setEnabled(token != null);
+        }
 …
             if (!evt.getPropertyName().equals(AbstractAuthorizationUI.ACCESS_TOKEN_PROP))
                 return;
             updateEnabledState((OAuthToken) evt.getNewValue());
+            updateEnabledState((IOAuthToken) evt.getNewValue());
+        }
+    }

trunk/src/org/openstreetmap/josm/gui/oauth/TestAccessTokenTask.java

-              r18918
+              r18991
 import javax.xml.parsers.ParserConfigurationException;
-import org.openstreetmap.josm.data.oauth.IOAuthParameters;
 import org.openstreetmap.josm.data.oauth.IOAuthToken;
 import org.openstreetmap.josm.data.oauth.OAuth20Token;
+import org.openstreetmap.josm.data.oauth.OAuthParameters;
+import org.openstreetmap.josm.data.oauth.OAuthToken;
+import org.openstreetmap.josm.data.oauth.OAuthException;
 import org.openstreetmap.josm.data.osm.UserInfo;
 import org.openstreetmap.josm.gui.HelpAwareOptionPane;
 …
 import org.xml.sax.SAXException;
-import oauth.signpost.OAuthConsumer;
-import oauth.signpost.exception.OAuthException;
 /**
  * Checks whether an OSM API server can be accessed with a specific Access Token.
+ *
+ * <p>
  * It retrieves the user details for the user which is authorized to access the server with
  * this token.
 …
  */
 public class TestAccessTokenTask extends PleaseWaitRunnable {
-    private final OAuthToken tokenOAuth1;
     private final IOAuthToken tokenOAuth2;
-    private final IOAuthParameters oauthParameters;
     private boolean canceled;
     private final Component parent;
 …
      * @param parent the parent component relative to which the  {@link PleaseWaitRunnable}-Dialog is displayed
      * @param apiUrl the API URL. Must not be null.
-     * @param parameters the OAuth parameters. Must not be null.
      * @param accessToken the Access Token. Must not be null.
+     * @since 18991
      */
     public TestAccessTokenTask(Component parent, String apiUrl, OAuthParameters parameters, OAuthToken accessToken) {
+    public TestAccessTokenTask(Component parent, String apiUrl, IOAuthToken accessToken) {
         super(parent, tr("Testing OAuth Access Token"), false /* don't ignore exceptions */);
         CheckParameterUtil.ensureParameterNotNull(apiUrl, "apiUrl");
-        CheckParameterUtil.ensureParameterNotNull(parameters, "parameters");
         CheckParameterUtil.ensureParameterNotNull(accessToken, "accessToken");
-        this.tokenOAuth1 = accessToken;
-        this.tokenOAuth2 = null;
-        this.oauthParameters = parameters;
-        this.parent = parent;
-        this.apiUrl = apiUrl;
+    }
-    /**
-     * Create the task
+     *
-     * @param parent the parent component relative to which the  {@link PleaseWaitRunnable}-Dialog is displayed
-     * @param apiUrl the API URL. Must not be null.
-     * @param parameters the OAuth parameters. Must not be null.
-     * @param accessToken the Access Token. Must not be null.
-     * @since 18764
-     */
-    public TestAccessTokenTask(Component parent, String apiUrl, IOAuthParameters parameters, IOAuthToken accessToken) {
-        super(parent, tr("Testing OAuth Access Token"), false /* don't ignore exceptions */);
-        CheckParameterUtil.ensureParameterNotNull(apiUrl, "apiUrl");
-        CheckParameterUtil.ensureParameterNotNull(parameters, "parameters");
-        CheckParameterUtil.ensureParameterNotNull(accessToken, "accessToken");
-        this.tokenOAuth1 = null;
         this.tokenOAuth2 = accessToken;
-        this.oauthParameters = parameters;
         this.parent = parent;
         this.apiUrl = apiUrl;
 …
     protected void sign(HttpClient con) throws OAuthException {
+        if (oauthParameters instanceof OAuthParameters) {
+            OAuthConsumer consumer = ((OAuthParameters) oauthParameters).buildConsumer();
+            consumer.setTokenWithSecret(tokenOAuth1.getKey(), tokenOAuth1.getSecret());
+            consumer.sign(con);
+        } else {
+            try {
+                this.tokenOAuth2.sign(con);
+            } catch (org.openstreetmap.josm.data.oauth.OAuthException e) {
+                // Adapt our OAuthException to the SignPost OAuth exception
+                throw new OAuthException(e) {};
+            }
+        }
+        this.tokenOAuth2.sign(con);
+    }
 …
     private String getAuthKey() {
-        if (this.tokenOAuth1 != null) {
-            return this.tokenOAuth1.getKey();
+        }
         if (this.tokenOAuth2 instanceof OAuth20Token) {
             return ((OAuth20Token) this.tokenOAuth2).getBearerToken();
+        }
         throw new IllegalArgumentException("Only OAuth1 and OAuth2 tokens are understood: " + this.tokenOAuth2);
+        throw new IllegalArgumentException("Only OAuth2 tokens are understood: " + this.tokenOAuth2);
+    }
+}

trunk/src/org/openstreetmap/josm/gui/preferences/server/AuthenticationPreferencesPanel.java

-              r18828
+              r18991
     /** indicates whether we use basic authentication */
     private final JRadioButton rbBasicAuthentication = new JRadioButton();
-    /** indicates whether we use OAuth 1.0a as authentication scheme */
-    private final JRadioButton rbOAuth = new JRadioButton();
     /** indicates whether we use OAuth 2.0 as authentication scheme */
     private final JRadioButton rbOAuth20 = new JRadioButton();
 …
     /** the panel for the basic authentication parameters */
     private BasicAuthenticationPreferencesPanel pnlBasicAuthPreferences;
-    /** the panel for the OAuth 1.0a authentication parameters */
-    private OAuthAuthenticationPreferencesPanel pnlOAuthPreferences;
     /** the panel for the OAuth 2.0 authentication parameters */
     private OAuthAuthenticationPreferencesPanel pnlOAuth20Preferences;
 …
         final boolean defaultApi = JosmUrls.getInstance().getDefaultOsmApiUrl().equals(apiUrl);
         rbBasicAuthentication.setEnabled(rbBasicAuthentication.isSelected() || "basic".equals(authMethod) || isExpert || !defaultApi);
-        rbOAuth.setEnabled(rbOAuth.isSelected() || "oauth".equals(authMethod) || isExpert || !defaultApi);
     };
 …
         rbBasicAuthentication.setToolTipText(tr("Select to use HTTP basic authentication with your OSM username and password"));
         rbBasicAuthentication.addItemListener(authChangeListener);
-        //-- radio button for OAuth 1.0a
-        buttonPanel.add(rbOAuth);
-        rbOAuth.setText(tr("Use OAuth {0}", "1.0a"));
-        rbOAuth.setToolTipText(tr("Select to use OAuth {0} as authentication mechanism", "1.0a"));
-        rbOAuth.addItemListener(authChangeListener);
         //-- radio button for OAuth 2.0
         buttonPanel.add(rbOAuth20);
+        rbOAuth20.setSelected(true); // This must before adding the listener; otherwise, saveToPreferences is called prior to initFromPreferences
         rbOAuth20.setText(tr("Use OAuth {0}", "2.0"));
         rbOAuth20.setToolTipText(tr("Select to use OAuth {0} as authentication mechanism", "2.0"));
 …
         ButtonGroup bg = new ButtonGroup();
         bg.add(rbBasicAuthentication);
-        bg.add(rbOAuth);
         bg.add(rbOAuth20);
 …
         //-- the two panels for authentication parameters
         pnlBasicAuthPreferences = new BasicAuthenticationPreferencesPanel();
-        pnlOAuthPreferences = new OAuthAuthenticationPreferencesPanel(OAuthVersion.OAuth10a);
         pnlOAuth20Preferences = new OAuthAuthenticationPreferencesPanel(OAuthVersion.OAuth20);
         ExpertToggleAction.addExpertModeChangeListener(expertModeChangeListener, true);
-        rbOAuth20.setSelected(true);
         pnlAuthenticationParameters.add(pnlOAuth20Preferences, BorderLayout.CENTER);
+    }
 …
     public final void initFromPreferences() {
         final String authMethod = OsmApi.getAuthMethod();
+        switch (authMethod) {
+            case "basic":
+                rbBasicAuthentication.setSelected(true);
+                break;
+            case "oauth":
+                rbOAuth.setSelected(true);
+                break;
+            case "oauth20":
+                rbOAuth20.setSelected(true);
+                break;
+            default:
+                Logging.warn(tr("Unsupported value in preference ''{0}'', got ''{1}''. Using authentication method ''Basic Authentication''.",
+                        "osm-server.auth-method", authMethod));
+                rbBasicAuthentication.setSelected(true);
+        if ("basic".equals(authMethod)) {
+            rbBasicAuthentication.setSelected(true);
+        } else if ("oauth20".equals(authMethod)) {
+            rbOAuth20.setSelected(true);
+        } else {
+            Logging.warn(
+                    tr("Unsupported value in preference ''{0}'', got ''{1}''. Using authentication method ''OAuth 2.0 Authentication''.",
+                            "osm-server.auth-method", authMethod));
+            rbOAuth20.setSelected(true);
+        }
         pnlBasicAuthPreferences.initFromPreferences();
-        pnlOAuthPreferences.initFromPreferences();
         pnlOAuth20Preferences.initFromPreferences();
+    }
 …
         if (rbBasicAuthentication.isSelected()) {
             authMethod = "basic";
-        } else if (rbOAuth.isSelected()) {
-            authMethod = "oauth";
         } else if (rbOAuth20.isSelected()) {
             authMethod = "oauth20";
 …
             OAuthAccessTokenHolder.getInstance().clear();
             OAuthAccessTokenHolder.getInstance().save(CredentialsManager.getInstance());
+        } else if ("oauth".equals(authMethod)) {
+        } else if ("oauth20".equals(authMethod)) {
+            // oauth20
             // clear the password in the preferences
             pnlBasicAuthPreferences.clearPassword();
-            pnlBasicAuthPreferences.saveToPreferences();
-            pnlOAuthPreferences.saveToPreferences();
-        } else { // oauth20
-            // clear the password in the preferences
-            pnlBasicAuthPreferences.clearPassword();
-            pnlBasicAuthPreferences.saveToPreferences();
             pnlOAuth20Preferences.saveToPreferences();
+        }
 …
             if ("basic".equals(authMethod)) {
                 UserIdentityManager.getInstance().initFromPreferences();
+            } else if (OsmApi.isUsingOAuthAndOAuthSetUp(OsmApi.getOsmApi())) {
+                UserIdentityManager.getInstance().initFromOAuth();
             } else {
                 UserIdentityManager.getInstance().initFromOAuth();
+                UserIdentityManager.getInstance().setAnonymous();
+            }
+        }
 …
                 pnlAuthenticationParameters.add(pnlBasicAuthPreferences, BorderLayout.CENTER);
                 pnlBasicAuthPreferences.revalidate();
-            } else if (rbOAuth.isSelected()) {
-                pnlAuthenticationParameters.add(pnlOAuthPreferences, BorderLayout.CENTER);
-                pnlOAuthPreferences.saveToPreferences();
-                pnlOAuthPreferences.initFromPreferences();
-                pnlOAuthPreferences.revalidate();
             } else if (rbOAuth20.isSelected()) {
                 pnlAuthenticationParameters.add(pnlOAuth20Preferences, BorderLayout.CENTER);
 …
     @Override
     public void propertyChange(PropertyChangeEvent evt) {
-        if (pnlOAuthPreferences != null) {
-            pnlOAuthPreferences.propertyChange(evt);
+        }
         if (pnlOAuth20Preferences != null) {
             pnlOAuth20Preferences.propertyChange(evt);

trunk/src/org/openstreetmap/josm/gui/preferences/server/OAuthAuthenticationPreferencesPanel.java

-              r18786
+              r18991
 import java.awt.BorderLayout;
 import java.awt.Color;
+import java.awt.Component;
 import java.awt.FlowLayout;
 import java.awt.Font;
 …
 import java.beans.PropertyChangeEvent;
 import java.beans.PropertyChangeListener;
+import java.net.URI;
+import java.util.Arrays;
+import java.util.Objects;
 import javax.swing.AbstractAction;
 …
 import javax.swing.JCheckBox;
 import javax.swing.JLabel;
-import javax.swing.JOptionPane;
 import javax.swing.JPanel;
 import org.openstreetmap.josm.actions.ExpertToggleAction;
 import org.openstreetmap.josm.data.oauth.IOAuthToken;
-import org.openstreetmap.josm.data.oauth.OAuth20Authorization;
 import org.openstreetmap.josm.data.oauth.OAuth20Token;
 import org.openstreetmap.josm.data.oauth.OAuthAccessTokenHolder;
 import org.openstreetmap.josm.data.oauth.OAuthParameters;
-import org.openstreetmap.josm.data.oauth.OAuthToken;
 import org.openstreetmap.josm.data.oauth.OAuthVersion;
 import org.openstreetmap.josm.data.oauth.osm.OsmScopes;
+import org.openstreetmap.josm.data.validation.routines.DomainValidator;
 import org.openstreetmap.josm.gui.MainApplication;
 import org.openstreetmap.josm.gui.oauth.AdvancedOAuthPropertiesPanel;
 …
 import org.openstreetmap.josm.io.OsmApi;
 import org.openstreetmap.josm.io.auth.CredentialsManager;
-import org.openstreetmap.josm.io.remotecontrol.RemoteControl;
 import org.openstreetmap.josm.tools.GBC;
 import org.openstreetmap.josm.tools.ImageProvider;
 import org.openstreetmap.josm.tools.Logging;
 import org.openstreetmap.josm.tools.UserCancelException;
+import org.openstreetmap.josm.tools.Utils;
 /**
 …
     /**
-     * Create the panel. Uses {@link OAuthVersion#OAuth10a}.
-     */
-    public OAuthAuthenticationPreferencesPanel() {
-        this(OAuthVersion.OAuth10a);
+    }
-    /**
      * Create the panel.
      * @param oAuthVersion The OAuth version to use
 …
         this.oAuthVersion = oAuthVersion;
         // These must come after we set the oauth version
+        this.pnlAdvancedProperties = new AdvancedOAuthPropertiesPanel(this.oAuthVersion);
         this.pnlNotYetAuthorised = new NotYetAuthorisedPanel();
-        this.pnlAdvancedProperties = new AdvancedOAuthPropertiesPanel(this.oAuthVersion);
         this.pnlAlreadyAuthorised = new AlreadyAuthorisedPanel();
         build();
 …
         setLayout(new GridBagLayout());
         setBorder(BorderFactory.createEmptyBorder(5, 5, 5, 5));
-        GridBagConstraints gc = new GridBagConstraints();
         // the panel for the OAuth parameters. pnlAuthorisationMessage is an
         // empty panel. It is going to be filled later, depending on the
         // current OAuth state in JOSM.
+        gc.fill = GridBagConstraints.BOTH;
+        gc.anchor = GridBagConstraints.NORTHWEST;
+        gc.weighty = 1.0;
+        gc.weightx = 1.0;
+        gc.insets = new Insets(10, 0, 0, 0);
+        add(pnlAuthorisationMessage, gc);
+        add(pnlAuthorisationMessage, GBC.eol().fill(GridBagConstraints.BOTH).anchor(GridBagConstraints.NORTHWEST)
+                .weight(1, 1).insets(0, 10, 0, 0));
+        // the panel with the advanced options
+        add(buildAdvancedPropertiesPanel(), GBC.eol().fill(GridBagConstraints.HORIZONTAL));
+    }
     protected void refreshView() {
         pnlAuthorisationMessage.removeAll();
+        if ((this.oAuthVersion == OAuthVersion.OAuth10a &&
+                OAuthAccessTokenHolder.getInstance().containsAccessToken())
+        || OAuthAccessTokenHolder.getInstance().getAccessToken(this.apiUrl, this.oAuthVersion) != null) {
+        if (OAuthAccessTokenHolder.getInstance().getAccessToken(this.apiUrl, this.oAuthVersion) != null) {
             pnlAuthorisationMessage.add(pnlAlreadyAuthorised, BorderLayout.CENTER);
             pnlAlreadyAuthorised.refreshView();
 …
         this.apiUrl = apiUrl;
         pnlAdvancedProperties.setApiUrl(apiUrl);
+        for (JPanel panel : Arrays.asList(this.pnlNotYetAuthorised, (JPanel) this.pnlAlreadyAuthorised.getComponent(6))) {
+            for (Component component : panel.getComponents()) {
+                if (component instanceof JButton && ((JButton) component).getAction() instanceof AuthoriseNowAction) {
+                    ((AuthoriseNowAction) ((JButton) component).getAction()).updateEnabledState();
+                }
+            }
+        }
+    }
 …
             // Action for authorising now
+            if (oAuthVersion == OAuthVersion.OAuth10a) {
+                add(new JButton(new AuthoriseNowAction(AuthorizationProcedure.FULLY_AUTOMATIC)), GBC.eol());
+            }
+            add(new JButton(new AuthoriseNowAction(AuthorizationProcedure.SEMI_AUTOMATIC)), GBC.eol());
+            if (oAuthVersion == OAuthVersion.OAuth10a) {
+                JButton authManually = new JButton(new AuthoriseNowAction(AuthorizationProcedure.MANUALLY));
+                add(authManually, GBC.eol());
+                ExpertToggleAction.addVisibilitySwitcher(authManually);
+            }
+            add(new JButton(new AuthoriseNowAction(AuthorizationProcedure.FULLY_AUTOMATIC)), GBC.eol());
+            JButton authManually = new JButton(new AuthoriseNowAction(AuthorizationProcedure.MANUALLY));
+            add(authManually, GBC.eol());
+            ExpertToggleAction.addVisibilitySwitcher(authManually);
             // filler - grab remaining space
 …
     private class AlreadyAuthorisedPanel extends JPanel {
         private final JosmTextField tfAccessTokenKey = new JosmTextField(null, null, 0, false);
-        private final JosmTextField tfAccessTokenSecret = new JosmTextField(null, null, 0, false);
         /**
 …
             add(new JLabel(tr("Access Token Secret:")), gc);
-            gc.gridx = 1;
-            gc.weightx = 1.0;
-            add(tfAccessTokenSecret, gc);
-            tfAccessTokenSecret.setEditable(false);
             // -- access token secret
             gc.gridy = 3;
 …
             // -- action buttons
             JPanel btns = new JPanel(new FlowLayout(FlowLayout.LEFT));
+            if (oAuthVersion == OAuthVersion.OAuth10a) {
+                // these want the OAuth 1.0 token information
+                btns.add(new JButton(new RenewAuthorisationAction(AuthorizationProcedure.FULLY_AUTOMATIC)));
+            }
+            btns.add(new JButton(new TestAuthorisationAction(oAuthVersion)));
+            btns.add(new JButton(new RenewAuthorisationAction(AuthorizationProcedure.FULLY_AUTOMATIC)));
+            btns.add(new JButton(new TestAuthorisationAction()));
             btns.add(new JButton(new RemoveAuthorisationAction()));
             gc.gridy = 4;
 …
             add(btns, gc);
-            // the panel with the advanced options
-            gc.gridy = 5;
-            gc.gridx = 0;
-            gc.gridwidth = 2;
-            gc.weightx = 1.0;
-            add(buildAdvancedPropertiesPanel(), gc);
             // filler - grab the remaining space
             gc.gridy = 6;
 …
         protected final void refreshView() {
             switch (oAuthVersion) {
-                case OAuth10a:
-                    String v = OAuthAccessTokenHolder.getInstance().getAccessTokenKey();
-                    tfAccessTokenKey.setText(v == null ? "" : v);
-                    v = OAuthAccessTokenHolder.getInstance().getAccessTokenSecret();
-                    tfAccessTokenSecret.setText(v == null ? "" : v);
-                    tfAccessTokenSecret.setVisible(true);
-                    break;
                 case OAuth20:
                 case OAuth21:
 …
+                    }
                     tfAccessTokenKey.setText(token == null ? "" : token);
+                    tfAccessTokenSecret.setVisible(false);
+                    break;
+                default:
+            }
             cbSaveToPreferences.setSelected(OAuthAccessTokenHolder.getInstance().isSaveToPreferences());
 …
             putValue(NAME, tr("{0} ({1})", tr("Authorize now"), procedure.getText()));
             putValue(SHORT_DESCRIPTION, procedure.getDescription());
+            if (procedure == AuthorizationProcedure.FULLY_AUTOMATIC
+            || OAuthAuthenticationPreferencesPanel.this.oAuthVersion != OAuthVersion.OAuth10a) {
+            if (procedure == AuthorizationProcedure.FULLY_AUTOMATIC) {
                 new ImageProvider("oauth", "oauth-small").getResource().attachImageIcon(this);
+            }
+            updateEnabledState();
+        }
+        void updateEnabledState() {
+            if (procedure == AuthorizationProcedure.MANUALLY) {
+                this.setEnabled(true);
+            } else if (Utils.isValidUrl(apiUrl) && DomainValidator.getInstance().isValid(URI.create(apiUrl).getHost())) {
+                // We want to avoid trying to make connection with an invalid URL
+                final String currentApiUrl = apiUrl;
+                MainApplication.worker.execute(() -> {
+                    final String clientId = OAuthParameters.createDefault(apiUrl, oAuthVersion).getClientId();
+                    if (Objects.equals(apiUrl, currentApiUrl)) {
+                        GuiHelper.runInEDT(() -> this.setEnabled(!Utils.isEmpty(clientId)));
+                    }
+                });
+            }
+        }
         @Override
         public void actionPerformed(ActionEvent arg0) {
+            if (OAuthAuthenticationPreferencesPanel.this.oAuthVersion == OAuthVersion.OAuth10a) {
+                OAuthAuthorizationWizard wizard = new OAuthAuthorizationWizard(
+                        OAuthAuthenticationPreferencesPanel.this,
+                        procedure,
+                        apiUrl,
+                        MainApplication.worker);
+                try {
+                    wizard.showDialog();
+                } catch (UserCancelException ignore) {
+                    Logging.trace(ignore);
+                    return;
+                }
+                pnlAdvancedProperties.setAdvancedParameters(wizard.getOAuthParameters());
+                refreshView();
+            } else {
+                final boolean remoteControlIsRunning = Boolean.TRUE.equals(RemoteControl.PROP_REMOTECONTROL_ENABLED.get());
+                // TODO: Ask user if they want to start remote control?
+                if (!remoteControlIsRunning) {
+                    RemoteControl.start();
+                }
+                new OAuth20Authorization().authorize(OAuthParameters.createDefault(OsmApi.getOsmApi().getServerUrl(), oAuthVersion), token -> {
+                    if (!remoteControlIsRunning) {
+                        RemoteControl.stop();
+                    }
+                    OAuthAccessTokenHolder.getInstance().setAccessToken(OsmApi.getOsmApi().getServerUrl(), token.orElse(null));
+                    OAuthAccessTokenHolder.getInstance().save(CredentialsManager.getInstance());
+                    GuiHelper.runInEDT(OAuthAuthenticationPreferencesPanel.this::refreshView);
+                    if (!token.isPresent()) {
+                        GuiHelper.runInEDT(() -> JOptionPane.showMessageDialog(MainApplication.getMainPanel(),
+                                tr("Authentication failed, please check browser for details."),
+                                tr("OAuth Authentication Failed"),
+                                JOptionPane.ERROR_MESSAGE));
+                    }
+                }, OsmScopes.read_gpx, OsmScopes.write_gpx,
+                        OsmScopes.read_prefs, OsmScopes.write_prefs,
+                        OsmScopes.write_api, OsmScopes.write_notes);
+            OAuthAuthorizationWizard wizard = new OAuthAuthorizationWizard(
+                    OAuthAuthenticationPreferencesPanel.this,
+                    procedure,
+                    apiUrl,
+                    MainApplication.worker,
+                    oAuthVersion);
+            try {
+                wizard.showDialog(token -> GuiHelper.runInEDT(OAuthAuthenticationPreferencesPanel.this::refreshView));
+            } catch (UserCancelException userCancelException) {
+                Logging.trace(userCancelException);
+                return;
+            }
+            pnlAdvancedProperties.setAdvancedParameters(wizard.getOAuthParameters());
+            refreshView();
+        }
+    }
 …
         @Override
         public void actionPerformed(ActionEvent e) {
+            if (oAuthVersion == OAuthVersion.OAuth10a) {
+                OAuthAccessTokenHolder.getInstance().setAccessToken(null);
+            } else {
+                OAuthAccessTokenHolder.getInstance().setAccessToken(apiUrl, (IOAuthToken) null);
+            }
+            OAuthAccessTokenHolder.getInstance().setAccessToken(apiUrl, null);
             OAuthAccessTokenHolder.getInstance().save(CredentialsManager.getInstance());
             refreshView();
 …
      */
     private class TestAuthorisationAction extends AbstractAction {
-        private final OAuthVersion oAuthVersion;
         /**
          * Constructs a new {@code TestAuthorisationAction}.
          */
+        TestAuthorisationAction(OAuthVersion oAuthVersion) {
+            this.oAuthVersion = oAuthVersion;
+        TestAuthorisationAction() {
             putValue(NAME, tr("Test Access Token"));
             putValue(SHORT_DESCRIPTION, tr("Click test access to the OSM server with the current access token"));
 …
         @Override
         public void actionPerformed(ActionEvent evt) {
+            if (this.oAuthVersion == OAuthVersion.OAuth10a) {
+                OAuthToken token = OAuthAccessTokenHolder.getInstance().getAccessToken();
+                OAuthParameters parameters = OAuthParameters.createFromApiUrl(OsmApi.getOsmApi().getServerUrl());
+                TestAccessTokenTask task = new TestAccessTokenTask(
+                        OAuthAuthenticationPreferencesPanel.this,
+                        apiUrl,
+                        parameters,
+                        token
+                );
+                MainApplication.worker.submit(task);
+            } else {
+                IOAuthToken token = OAuthAccessTokenHolder.getInstance().getAccessToken(OsmApi.getOsmApi().getBaseUrl(), OAuthVersion.OAuth20);
+                TestAccessTokenTask task = new TestAccessTokenTask(
+                        OAuthAuthenticationPreferencesPanel.this,
+                        apiUrl,
+                        token.getParameters(),
+                        token
+                );
+                MainApplication.worker.submit(task);
+            }
+            IOAuthToken token = OAuthAccessTokenHolder.getInstance().getAccessToken(OsmApi.getOsmApi().getBaseUrl(), OAuthVersion.OAuth20);
+            TestAccessTokenTask task = new TestAccessTokenTask(
+                    OAuthAuthenticationPreferencesPanel.this,
+                    apiUrl,
+                    token
+            );
+            MainApplication.worker.submit(task);
+        }
+    }

trunk/src/org/openstreetmap/josm/io/MessageNotifier.java

-              r18650
+              r18991
             try {
                 if (JosmPreferencesCredentialAgent.class.equals(credManager.getCredentialsAgentClass())) {
+                    if (OsmApi.isUsingOAuth(OAuthVersion.OAuth10a)) {
+                        return credManager.lookupOAuthAccessToken() != null;
+                    } else if (OsmApi.isUsingOAuth(OAuthVersion.OAuth20) || OsmApi.isUsingOAuth(OAuthVersion.OAuth21)) {
+                    if (OsmApi.isUsingOAuth(OAuthVersion.OAuth20) || OsmApi.isUsingOAuth(OAuthVersion.OAuth21)) {
                         return credManager.lookupOAuthAccessToken(OsmApi.getOsmApi().getHost()) != null;
                     } else if (OsmApi.isUsingOAuth()) {

trunk/src/org/openstreetmap/josm/io/OsmApi.java

-              r18871
+              r18991
 import org.xml.sax.SAXParseException;
+import jakarta.annotation.Nullable;
 /**
  * Class that encapsulates the communications with the <a href="http://wiki.openstreetmap.org/wiki/API_v0.6">OSM API</a>.<br><br>
 …
     private static final ListenerList<OsmApiInitializationListener> listeners = ListenerList.create();
-    /** This is used to make certain we have set osm-server.auth-method to the "right" default */
-    private static boolean oauthCompatibilitySwitch;
     private URL url;
 …
      */
     public static boolean isUsingOAuth() {
+        return isUsingOAuth(OAuthVersion.OAuth10a)
+                || isUsingOAuth(OAuthVersion.OAuth20)
+        return isUsingOAuth(OAuthVersion.OAuth20)
                 || isUsingOAuth(OAuthVersion.OAuth21);
+    }
 …
      */
     public static boolean isUsingOAuth(OAuthVersion version) {
+        if (version == OAuthVersion.OAuth10a) {
+            return "oauth".equalsIgnoreCase(getAuthMethod());
+        } else if (version == OAuthVersion.OAuth20 || version == OAuthVersion.OAuth21) {
+            return "oauth20".equalsIgnoreCase(getAuthMethod());
+        if (version == OAuthVersion.OAuth20 || version == OAuthVersion.OAuth21) {
+            return getAuthMethodVersion() == OAuthVersion.OAuth20 || getAuthMethodVersion() == OAuthVersion.OAuth21;
+        }
         return false;
 …
     public static boolean isUsingOAuthAndOAuthSetUp(OsmApi api) {
         if (OsmApi.isUsingOAuth()) {
-            if (OsmApi.isUsingOAuth(OAuthVersion.OAuth10a)) {
-                return OAuthAccessTokenHolder.getInstance().containsAccessToken();
+            }
             if (OsmApi.isUsingOAuth(OAuthVersion.OAuth20)) {
                 return OAuthAccessTokenHolder.getInstance().getAccessToken(api.getBaseUrl(), OAuthVersion.OAuth20) != null;
 …
      */
     public static String getAuthMethod() {
-        setCurrentAuthMethod();
         return Config.getPref().get("osm-server.auth-method", "oauth20");
+    }
     /**
      * This is a compatibility method for users who currently use OAuth 1.0 -- we are changing the default from oauth to oauth20,
      * but since oauth was the default, pre-existing users will suddenly be switched to oauth20.
      * This should be removed whenever {@link OAuthVersion#OAuth10a} support is removed.
      */
     private static void setCurrentAuthMethod() {
         if (!oauthCompatibilitySwitch) {
             oauthCompatibilitySwitch = true;
             final String prefKey = "osm-server.auth-method";
             if ("oauth20".equals(Config.getPref().get(prefKey, "oauth20"))
                 && !isUsingOAuthAndOAuthSetUp(OsmApi.getOsmApi())
                 && OAuthAccessTokenHolder.getInstance().containsAccessToken()) {
                 Config.getPref().put(prefKey, "oauth");
+            }
+     * Returns the authentication method set in the preferences
+     * @return the authentication method
+     * @since 18991
+     */
+    @Nullable
+    public static OAuthVersion getAuthMethodVersion() {
+        switch (getAuthMethod()) {
+            case "oauth20": return OAuthVersion.OAuth20;
+            case "oauth21": return OAuthVersion.OAuth21;
+            case "basic": return null;
+            default:
+                Config.getPref().put("osm-server.auth-method", null);
+                return getAuthMethodVersion();
+        }
+    }

trunk/src/org/openstreetmap/josm/io/OsmConnection.java

-              r18665
+              r18991
 import java.lang.reflect.InvocationTargetException;
 import java.net.Authenticator.RequestorType;
-import java.net.MalformedURLException;
 import java.net.URL;
 import java.nio.charset.StandardCharsets;
 …
 import org.openstreetmap.josm.tools.Logging;
-import oauth.signpost.OAuthConsumer;
-import oauth.signpost.exception.OAuthException;
 /**
  * Base class that handles common things like authentication for the reader and writer
 …
     protected boolean cancel;
     protected HttpClient activeConnection;
-    protected OAuthParameters oauthParameters;
     protected IOAuthParameters oAuth20Parameters;
 …
     /**
-     * Signs the connection with an OAuth authentication header
+     *
-     * @param connection the connection
+     *
-     * @throws MissingOAuthAccessTokenException if there is currently no OAuth Access Token configured
-     * @throws OsmTransferException if signing fails
-     */
-    protected void addOAuthAuthorizationHeader(HttpClient connection) throws OsmTransferException {
-        if (oauthParameters == null) {
-            oauthParameters = OAuthParameters.createFromApiUrl(OsmApi.getOsmApi().getServerUrl());
+        }
-        OAuthConsumer consumer = oauthParameters.buildConsumer();
-        OAuthAccessTokenHolder holder = OAuthAccessTokenHolder.getInstance();
-        if (!holder.containsAccessToken()) {
-            obtainAccessToken(connection);
+        }
-        if (!holder.containsAccessToken()) { // check if wizard completed
-            throw new MissingOAuthAccessTokenException();
+        }
-        consumer.setTokenWithSecret(holder.getAccessTokenKey(), holder.getAccessTokenSecret());
-        try {
-            consumer.sign(connection);
-        } catch (OAuthException e) {
-            throw new OsmTransferException(tr("Failed to sign a HTTP connection with an OAuth Authentication header"), e);
+        }
+    }
-    /**
-     * Obtains an OAuth access token for the connection.
-     * Afterwards, the token is accessible via {@link OAuthAccessTokenHolder} / {@link CredentialsManager}.
-     * @param connection connection for which the access token should be obtained
-     * @throws MissingOAuthAccessTokenException if the process cannot be completed successfully
-     */
-    protected void obtainAccessToken(final HttpClient connection) throws MissingOAuthAccessTokenException {
-        try {
-            final URL apiUrl = new URL(OsmApi.getOsmApi().getServerUrl());
-            if (!Objects.equals(apiUrl.getHost(), connection.getURL().getHost())) {
-                throw new MissingOAuthAccessTokenException();
+            }
-            fetcher.obtainAccessToken(apiUrl);
-            OAuthAccessTokenHolder.getInstance().setSaveToPreferences(true);
-            OAuthAccessTokenHolder.getInstance().save(CredentialsManager.getInstance());
-        } catch (MalformedURLException | InvocationTargetException e) {
-            throw new MissingOAuthAccessTokenException(e);
-        } catch (InterruptedException e) {
-            Thread.currentThread().interrupt();
-            throw new MissingOAuthAccessTokenException(e);
+        }
+    }
-    /**
      * Obtains an OAuth access token for the connection.
      * Afterwards, the token is accessible via {@link OAuthAccessTokenHolder} / {@link CredentialsManager}.
 …
+                    }
                     // Clean up old token/password
-                    OAuthAccessTokenHolder.getInstance().setAccessToken(null);
                     OAuthAccessTokenHolder.getInstance().setAccessToken(OsmApi.getOsmApi().getServerUrl(), authToken.orElse(null));
                     OAuthAccessTokenHolder.getInstance().save(CredentialsManager.getInstance());
 …
                 addBasicAuthorizationHeader(connection);
                 return;
-            case "oauth":
-                addOAuthAuthorizationHeader(connection);
-                return;
             case "oauth20":
                 addOAuth20AuthorizationHeader(connection);

trunk/src/org/openstreetmap/josm/io/auth/CredentialsAgent.java

-              r18877
+              r18991
 import org.openstreetmap.josm.data.oauth.IOAuthToken;
-import org.openstreetmap.josm.data.oauth.OAuthToken;
 import jakarta.annotation.Nullable;
 …
      * @return the current OAuth Access Token to access the OSM server.
      * @throws CredentialsAgentException if something goes wrong
+     * @deprecated since 18991 -- OAuth 1.0 is being removed from the OSM API
      */
+    OAuthToken lookupOAuthAccessToken() throws CredentialsAgentException;
+    @Deprecated
+    default IOAuthToken lookupOAuthAccessToken() throws CredentialsAgentException {
+        throw new CredentialsAgentException("Call to deprecated method");
+    }
     /**
 …
      * @param accessToken the access Token. null, to remove the Access Token.
      * @throws CredentialsAgentException if something goes wrong
+     * @deprecated since 18991 -- OAuth 1.0 is being removed from the OSM API
      */
+    void storeOAuthAccessToken(OAuthToken accessToken) throws CredentialsAgentException;
+    @Deprecated
+    default void storeOAuthAccessToken(IOAuthToken accessToken) throws CredentialsAgentException {
+        throw new CredentialsAgentException("Call to deprecated method");
+    }
     /**
 …
      * @param host The host the access token is for
      * @param accessToken the access Token. null, to remove the Access Token. This will remove all IOAuthTokens <i>not</i> managed by
      *                    {@link #storeOAuthAccessToken(OAuthToken)}.
+     *                    {@link #storeOAuthAccessToken(IOAuthToken)}.
      * @throws CredentialsAgentException if something goes wrong
      * @since 18650

trunk/src/org/openstreetmap/josm/io/auth/CredentialsManager.java

-              r18650
+              r18991
 import org.openstreetmap.josm.data.UserIdentityManager;
 import org.openstreetmap.josm.data.oauth.IOAuthToken;
-import org.openstreetmap.josm.data.oauth.OAuthToken;
 import org.openstreetmap.josm.io.OsmApi;
 import org.openstreetmap.josm.tools.CheckParameterUtil;
 …
 /**
  * CredentialManager is a factory for the single credential agent used.
+ *
+ * <p>
  * Currently, it defaults to replying an instance of {@link JosmPreferencesCredentialAgent}.
  * @since 2641
 …
     @Override
-    public OAuthToken lookupOAuthAccessToken() throws CredentialsAgentException {
-        return delegate.lookupOAuthAccessToken();
+    }
-    @Override
     public IOAuthToken lookupOAuthAccessToken(String host) throws CredentialsAgentException {
         return delegate.lookupOAuthAccessToken(host);
+    }
-    @Override
-    public void storeOAuthAccessToken(OAuthToken accessToken) throws CredentialsAgentException {
-        delegate.storeOAuthAccessToken(accessToken);
+    }

trunk/src/org/openstreetmap/josm/io/auth/JosmPreferencesCredentialAgent.java

-              r18723
+              r18991
 import org.openstreetmap.josm.data.oauth.OAuth20Parameters;
 import org.openstreetmap.josm.data.oauth.OAuth20Token;
-import org.openstreetmap.josm.data.oauth.OAuthToken;
 import org.openstreetmap.josm.data.oauth.OAuthVersion;
 import org.openstreetmap.josm.gui.widgets.HtmlPanel;
 …
+    }
-    /**
-     * Lookup the current OAuth Access Token to access the OSM server. Replies null, if no
-     * Access Token is currently managed by this CredentialManager.
+     *
-     * @return the current OAuth Access Token to access the OSM server.
-     * @throws CredentialsAgentException if something goes wrong
-     */
-    @Override
-    public OAuthToken lookupOAuthAccessToken() throws CredentialsAgentException {
-        String accessTokenKey = Config.getPref().get("oauth.access-token.key", null);
-        String accessTokenSecret = Config.getPref().get("oauth.access-token.secret", null);
-        if (accessTokenKey == null && accessTokenSecret == null)
-            return null;
-        return new OAuthToken(accessTokenKey, accessTokenSecret);
+    }
     @Override
     public IOAuthToken lookupOAuthAccessToken(String host) throws CredentialsAgentException {
 …
+        }
         return null;
+    }
-    /**
-     * Stores the OAuth Access Token <code>accessToken</code>.
+     *
-     * @param accessToken the access Token. null, to remove the Access Token.
-     * @throws CredentialsAgentException if something goes wrong
-     */
-    @Override
-    public void storeOAuthAccessToken(OAuthToken accessToken) throws CredentialsAgentException {
-        if (accessToken == null) {
-            Config.getPref().put("oauth.access-token.key", null);
-            Config.getPref().put("oauth.access-token.secret", null);
-        } else {
-            Config.getPref().put("oauth.access-token.key", accessToken.getKey());
-            Config.getPref().put("oauth.access-token.secret", accessToken.getSecret());
+        }
+    }

trunk/src/org/openstreetmap/josm/tools/ExceptionUtil.java

-              r18211
+              r18991
                 + "Please launch the preferences dialog and retrieve another OAuth token."
                 + "</html>",
                 OAuthAccessTokenHolder.getInstance().getAccessTokenKey()
+                OAuthAccessTokenHolder.getInstance().getAccessToken(e.getUrl(), OsmApi.getAuthMethodVersion())
         );
+    }
 …
                 + "Please launch the preferences dialog and retrieve another OAuth token."
                 + "</html>",
                 OAuthAccessTokenHolder.getInstance().getAccessTokenKey(),
+                OAuthAccessTokenHolder.getInstance().getAccessToken(e.getUrl(), OsmApi.getAuthMethodVersion()),
                 e.getAccessedUrl() == null ? tr("unknown") : e.getAccessedUrl()
         );

trunk/test/unit/org/openstreetmap/josm/TestUtils.java

-              r18799
+              r18991
     /**
      * Determines if OSM DEV_API credential have been provided. Required for functional tests.
      * @return {@code true} if {@code osm.username} and {@code osm.password} have been defined on the command line
+     * @return {@code true} if {@code osm.oauth2} have been defined on the command line
      */
     public static boolean areCredentialsProvided() {
         return Utils.getSystemProperty("osm.username") != null && Utils.getSystemProperty("osm.password") != null;
+        return Utils.getSystemProperty("osm.oauth2") != null;
+    }

trunk/test/unit/org/openstreetmap/josm/data/oauth/OAuth20AuthorizationTest.java

r18786	r18991
186	186	OAuth20Parameters parameters = (OAuth20Parameters) OAuthParameters.createDefault(OsmApi.getOsmApi().getBaseUrl(), OAuthVersion.OAuth20);
187	187	RemoteControl.start();
188		authorization.authorize(new OAuth20Parameters(~~parameters.getClientId()~~, parameters.getClientSecret(),
	188	authorization.authorize(new OAuth20Parameters(CLIENT_ID_VALUE, parameters.getClientSecret(),
189	189	wireMockRuntimeInfo.getHttpBaseUrl() + "/oauth2", wireMockRuntimeInfo.getHttpBaseUrl() + "/api",
190	190	parameters.getRedirectUri()), consumer::set, OsmScopes.read_gpx);

trunk/test/unit/org/openstreetmap/josm/data/oauth/OAuthParametersTest.java

-              r18853
+              r18991
     @SuppressFBWarnings(value = "ST_WRITE_TO_STATIC_FROM_INSTANCE_METHOD")
     void testCreateDefault() {
         OAuthParameters def = OAuthParameters.createDefault();
+        IOAuthParameters def = OAuthParameters.createDefault();
         assertNotNull(def);
         assertEquals(def, OAuthParameters.createDefault(Config.getUrls().getDefaultOsmApiUrl()));
         OAuthParameters dev = OAuthParameters.createDefault("https://api06.dev.openstreetmap.org/api");
+        assertEquals(def, OAuthParameters.createDefault(Config.getUrls().getDefaultOsmApiUrl(), OAuthVersion.OAuth20));
+        IOAuthParameters dev = OAuthParameters.createDefault("https://api06.dev.openstreetmap.org/api", OAuthVersion.OAuth20);
         assertNotNull(dev);
         assertNotEquals(def, dev);
         Logging.setLogLevel(Logging.LEVEL_TRACE); // enable trace for line coverage
+        assertEquals(def, OAuthParameters.createDefault("wrong_url"));
+        OAuthParameters dev2 = new OAuthParameters(dev);
+        assertEquals(dev, dev2);
+        assertEquals(def, OAuthParameters.createDefault("wrong_url", OAuthVersion.OAuth20));
+    }
 …
     void testEqualsContract() {
         TestUtils.assumeWorkingEqualsVerifier();
         EqualsVerifier.forClass(OAuthParameters.class).usingGetClass().verify();
+        EqualsVerifier.forClass(OAuth20Parameters.class).usingGetClass().verify();
+    }
+}

trunk/test/unit/org/openstreetmap/josm/gui/io/DownloadOpenChangesetsTaskTest.java

-              r18870
+              r18991
 import java.awt.GraphicsEnvironment;
 import java.net.URL;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
 import javax.swing.JOptionPane;
 import javax.swing.JPanel;
-import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.openstreetmap.josm.TestUtils;
 import org.openstreetmap.josm.data.UserIdentityManager;
 import org.openstreetmap.josm.gui.oauth.OAuthAuthorizationWizard;
-import org.openstreetmap.josm.spi.preferences.Config;
 import org.openstreetmap.josm.testutils.annotations.BasicPreferences;
 import org.openstreetmap.josm.testutils.annotations.OsmApi;
 …
     /**
-     * These tests were written with {@link org.openstreetmap.josm.data.oauth.OAuthVersion#OAuth10a} as the default auth method.
-     */
-    @BeforeEach
-    void setup() {
-        Config.getPref().put("osm-server.auth-method", "oauth");
+    }
-    /**
      * Test of {@link DownloadOpenChangesetsTask} class when anonymous.
      */
 …
             new WindowMocker();
+        }
+        final OAuthWizardMocker oaWizardMocker = new OAuthWizardMocker();
+        final JOptionPaneSimpleMocker jopsMocker = new JOptionPaneSimpleMocker(
+            Collections.singletonMap(
+                "<html>Could not retrieve the list of your open changesets because<br>JOSM does not know "
+        final Map<String, Object> optionPaneMock = new HashMap<>(2);
+        optionPaneMock.put("<html>Could not retrieve the list of your open changesets because<br>JOSM does not know "
                 + "your identity.<br>You have either chosen to work anonymously or you are not "
                 + "entitled<br>to know the identity of the user on whose behalf you are working.</html>", JOptionPane.OK_OPTION
+            )
         );
+                + "entitled<br>to know the identity of the user on whose behalf you are working.</html>", JOptionPane.OK_OPTION);
+        optionPaneMock.put("Obtain OAuth 2.0 token for authentication?", JOptionPane.NO_OPTION);
+        final JOptionPaneSimpleMocker jopsMocker = new JOptionPaneSimpleMocker(optionPaneMock);
         DownloadOpenChangesetsTask task = new DownloadOpenChangesetsTask(new JPanel());
 …
         assertNull(task.getChangesets());
         assertEquals(1, jopsMocker.getInvocationLog().size());
         Object[] invocationLogEntry = jopsMocker.getInvocationLog().get(0);
+        assertEquals(2, jopsMocker.getInvocationLog().size());
+        Object[] invocationLogEntry = jopsMocker.getInvocationLog().get(1);
         assertEquals(JOptionPane.OK_OPTION, (int) invocationLogEntry[0]);
         assertEquals("Missing user identity", invocationLogEntry[2]);
+        assertTrue(oaWizardMocker.called);
+        invocationLogEntry = jopsMocker.getInvocationLog().get(0);
+        assertEquals(JOptionPane.NO_OPTION, (int) invocationLogEntry[0]);
+        assertEquals("Obtain authentication to OSM servers", invocationLogEntry[2]);
+    }
 …
             new WindowMocker();
+        }
         final OAuthWizardMocker oaWizardMocker = new OAuthWizardMocker();
         final JOptionPaneSimpleMocker jopsMocker = new JOptionPaneSimpleMocker(
             Collections.singletonMap("There are no open changesets", JOptionPane.OK_OPTION)
         );
+        final Map<String, Object> optionPaneMock = new HashMap<>(2);
+        optionPaneMock.put("There are no open changesets", JOptionPane.OK_OPTION);
+        optionPaneMock.put("Obtain OAuth 2.0 token for authentication?", JOptionPane.NO_OPTION);
+        final JOptionPaneSimpleMocker jopsMocker = new JOptionPaneSimpleMocker(optionPaneMock);
         DownloadOpenChangesetsTask task = new DownloadOpenChangesetsTask(new JPanel());
 …
         assertNotNull(task.getChangesets());
         assertEquals(1, jopsMocker.getInvocationLog().size());
         Object[] invocationLogEntry = jopsMocker.getInvocationLog().get(0);
+        assertEquals(2, jopsMocker.getInvocationLog().size());
+        Object[] invocationLogEntry = jopsMocker.getInvocationLog().get(1);
         assertEquals(JOptionPane.OK_OPTION, (int) invocationLogEntry[0]);
         assertEquals("No open changesets", invocationLogEntry[2]);
+        assertTrue(oaWizardMocker.called);
+        invocationLogEntry = jopsMocker.getInvocationLog().get(0);
+        assertEquals(JOptionPane.NO_OPTION, (int) invocationLogEntry[0]);
+        assertEquals("Obtain authentication to OSM servers", invocationLogEntry[2]);
+    }
+}

trunk/test/unit/org/openstreetmap/josm/gui/oauth/FullyAutomaticAuthorizationUITest.java

-              r18037
+              r18991
 package org.openstreetmap.josm.gui.oauth;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.EnumSource;
+import org.openstreetmap.josm.data.oauth.OAuthVersion;
 import org.openstreetmap.josm.gui.MainApplication;
 import org.openstreetmap.josm.testutils.annotations.BasicPreferences;
-import org.junit.jupiter.api.Test;
 /**
 …
      * Unit test of {@link FullyAutomaticAuthorizationUI#FullyAutomaticAuthorizationUI}.
      */
+    @Test
+    void testFullyAutomaticAuthorizationUI() {
+        assertNotNull(new FullyAutomaticAuthorizationUI("", MainApplication.worker));
+    @ParameterizedTest
+    @EnumSource(OAuthVersion.class)
+    void testFullyAutomaticAuthorizationUI(OAuthVersion version) {
+        assertDoesNotThrow(() -> new FullyAutomaticAuthorizationUI("", MainApplication.worker, version));
+    }
+}

trunk/test/unit/org/openstreetmap/josm/gui/oauth/ManualAuthorizationUITest.java

-              r18037
+              r18991
 package org.openstreetmap.josm.gui.oauth;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
+import static org.junit.jupiter.api.Assertions.assertDoesNotThrow;
 import org.junit.jupiter.api.Test;
+import org.openstreetmap.josm.data.oauth.OAuthVersion;
 import org.openstreetmap.josm.gui.MainApplication;
 import org.openstreetmap.josm.testutils.annotations.BasicPreferences;
 …
     @Test
     void testManualAuthorizationUI() {
         assertNotNull(new ManualAuthorizationUI("", MainApplication.worker));
+        assertDoesNotThrow(() -> new ManualAuthorizationUI("", MainApplication.worker, OAuthVersion.OAuth20));
+    }
+}

trunk/test/unit/org/openstreetmap/josm/gui/preferences/server/OAuthAuthenticationPreferencesPanelTest.java

-              r18765
+              r18991
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.EnumSource;
-import org.openstreetmap.josm.data.oauth.IOAuthToken;
 import org.openstreetmap.josm.data.oauth.OAuth20Exception;
 import org.openstreetmap.josm.data.oauth.OAuth20Parameters;
 import org.openstreetmap.josm.data.oauth.OAuth20Token;
 import org.openstreetmap.josm.data.oauth.OAuthAccessTokenHolder;
-import org.openstreetmap.josm.data.oauth.OAuthToken;
 import org.openstreetmap.josm.data.oauth.OAuthVersion;
 import org.openstreetmap.josm.io.OsmApi;
 …
         List<Exception> exceptionList = new ArrayList<>();
         try {
             CredentialsManager.getInstance().storeOAuthAccessToken(null);
+            CredentialsManager.getInstance().storeOAuthAccessToken(OsmApi.getOsmApi().getServerUrl(), null);
         } catch (CredentialsAgentException exception) {
             exceptionList.add(exception);
 …
     @ParameterizedTest
     @EnumSource(value = OAuthVersion.class, names = {"OAuth10a", "OAuth20"})
+    @EnumSource(value = OAuthVersion.class, names = "OAuth20")
     void testRemoveToken(OAuthVersion oAuthVersion) throws ReflectiveOperationException, CredentialsAgentException, OAuth20Exception {
         final OAuthAuthenticationPreferencesPanel panel = new OAuthAuthenticationPreferencesPanel(oAuthVersion);
 …
         assertSame(pnlAlreadyAuthorised.get(panel), holder.getComponent(0), "Authentication should now be set");
         assertNotNull(getAuthorization(oAuthVersion));
         final JPanel buttons = (JPanel) ((JPanel) pnlAlreadyAuthorised.get(panel)).getComponent(6);
         final JButton action = (JButton) buttons.getComponent(oAuthVersion == OAuthVersion.OAuth10a ? 2 : 1);
+        final JPanel buttons = (JPanel) ((JPanel) pnlAlreadyAuthorised.get(panel)).getComponent(5);
+        final JButton action = (JButton) buttons.getComponent(2);
         assertEquals(tr("Remove token"), action.getText(), "The selected button should be for removing the token");
         action.getAction().actionPerformed(null);
 …
     private static void addAuthorization(OAuthVersion oAuthVersion) throws CredentialsAgentException, OAuth20Exception {
         switch (oAuthVersion) {
-            case OAuth10a:
-                CredentialsManager.getInstance().storeOAuthAccessToken(new OAuthToken("fake_key", "fake_secret"));
-                break;
             case OAuth20:
             case OAuth21:
 …
     private static Object getAuthorization(OAuthVersion oAuthVersion) {
         OAuthAccessTokenHolder.getInstance().clear();
         OAuthAccessTokenHolder.getInstance().setAccessToken(OsmApi.getOsmApi().getHost(), (IOAuthToken) null);
+        OAuthAccessTokenHolder.getInstance().setAccessToken(OsmApi.getOsmApi().getServerUrl(), null);
         OAuthAccessTokenHolder.getInstance().init(CredentialsManager.getInstance());
         // Ensure that we are not saving authorization data
+        switch (oAuthVersion) {
+            case OAuth10a:
+                return OAuthAccessTokenHolder.getInstance().getAccessToken();
+            case OAuth20:
+            case OAuth21:
+                return OAuthAccessTokenHolder.getInstance().getAccessToken(OsmApi.getOsmApi().getHost(), oAuthVersion);
+            default:
+                throw new AssertionError("OAuth version not understood");
+        }
+        return OAuthAccessTokenHolder.getInstance().getAccessToken(OsmApi.getOsmApi().getServerUrl(), oAuthVersion);
+    }
+}

trunk/test/unit/org/openstreetmap/josm/io/auth/CredentialsAgentTest.java

-              r18650
+              r18991
 import org.openstreetmap.josm.data.oauth.OAuth20Parameters;
 import org.openstreetmap.josm.data.oauth.OAuth20Token;
-import org.openstreetmap.josm.data.oauth.OAuthToken;
 import org.openstreetmap.josm.io.OsmApi;
 import org.openstreetmap.josm.testutils.annotations.BasicPreferences;
 …
+    }
-    @Test
-    default void testLookUpAndStoreOAuth10() throws CredentialsAgentException {
-        final T agent = createAgent();
-        assertNull(agent.lookupOAuthAccessToken());
-        final OAuthToken token = new OAuthToken("foo", "bar");
-        agent.storeOAuthAccessToken(token);
-        final OAuthToken actual = agent.lookupOAuthAccessToken();
-        assertEquals(token, actual);
-        agent.storeOAuthAccessToken(null);
-        assertNull(agent.lookupOAuthAccessToken());
+    }
     @ParameterizedTest
     @MethodSource("getHosts")

trunk/test/unit/org/openstreetmap/josm/testutils/annotations/BasicPreferences.java

r18870	r18991
65	65	if (AnnotationSupport.isAnnotated(context.getElement(), BasicPreferences.class)) {
66	66	this.afterAll(context);
	67	if (AnnotationSupport.isAnnotated(context.getTestClass(), BasicPreferences.class)) {
	68	this.beforeAll(context);
	69	}
67	70	}
68	71	}

trunk/test/unit/org/openstreetmap/josm/testutils/annotations/TestUser.java

-              r18974
+              r18991
 import java.lang.annotation.Target;
 import java.net.Authenticator;
-import java.net.PasswordAuthentication;
 import org.junit.jupiter.api.extension.AfterEachCallback;
 …
 import org.openstreetmap.josm.TestUtils;
 import org.openstreetmap.josm.data.UserIdentityManager;
+import org.openstreetmap.josm.data.oauth.OAuth20Token;
+import org.openstreetmap.josm.data.oauth.OAuthAccessTokenHolder;
+import org.openstreetmap.josm.data.oauth.OAuthParameters;
 import org.openstreetmap.josm.io.auth.CredentialsManager;
 import org.openstreetmap.josm.spi.preferences.Config;
 …
         public void beforeEach(ExtensionContext context) throws Exception {
             assumeTrue(TestUtils.areCredentialsProvided(),
+                    "OSM DEV API credentials not provided. Please define them with -Dosm.username and -Dosm.password");
+            final String username = Utils.getSystemProperty("osm.username");
+            final String password = Utils.getSystemProperty("osm.password");
+            assumeTrue(username != null && !username.isEmpty(), "Please add -Dosm.username for the OSM DEV API");
+            assumeTrue(password != null && !password.isEmpty(), "Please add -Dosm.password for the OSM DEV API");
+            Config.getPref().put("osm-server.auth-method", "basic");
+                    "OSM DEV API credentials not provided. Please define them with -Dosm.oauth2");
+            final String oauth2 = Utils.getSystemProperty("osm.oauth2");
+            Config.getPref().put("osm-server.auth-method", "oauth20");
             // don't use atomic upload, the test API server can't cope with large diff uploads
             Config.getPref().putBoolean("osm-server.atomic-upload", false);
+            CredentialsManager.getInstance().store(Authenticator.RequestorType.SERVER, org.openstreetmap.josm.io.OsmApi.getOsmApi().getHost(),
+                    new PasswordAuthentication(username, password.toCharArray()));
+            final String serverUrl = org.openstreetmap.josm.io.OsmApi.getOsmApi().getServerUrl();
+            final OAuth20Token token = new OAuth20Token(OAuthParameters.createDefault(),
+                    "{\"token_type\":\"bearer\", \"access_token\": \"" + oauth2 + "\"}");
+            OAuthAccessTokenHolder.getInstance().setAccessToken(serverUrl, token);
+            CredentialsManager.getInstance().storeOAuthAccessToken(serverUrl, token);
+            if (!UserIdentityManager.getInstance().isFullyIdentified()) {
+                UserIdentityManager.getInstance().initFromOAuth();
+            }
+        }
+    }

Context Navigation

Changeset 18991 in josm

Legend:

trunk/ivy.xml

trunk/src/org/openstreetmap/josm/data/oauth/OAuth20Parameters.java

trunk/src/org/openstreetmap/josm/data/oauth/OAuthAccessTokenHolder.java

trunk/src/org/openstreetmap/josm/data/oauth/OAuthParameters.java

trunk/src/org/openstreetmap/josm/data/oauth/OAuthVersion.java

trunk/src/org/openstreetmap/josm/gui/oauth/AbstractAuthorizationUI.java

trunk/src/org/openstreetmap/josm/gui/oauth/AccessTokenInfoPanel.java

trunk/src/org/openstreetmap/josm/gui/oauth/AdvancedOAuthPropertiesPanel.java

trunk/src/org/openstreetmap/josm/gui/oauth/FullyAutomaticAuthorizationUI.java

trunk/src/org/openstreetmap/josm/gui/oauth/ManualAuthorizationUI.java

trunk/src/org/openstreetmap/josm/gui/oauth/OAuthAuthorizationWizard.java

trunk/src/org/openstreetmap/josm/gui/oauth/TestAccessTokenTask.java

trunk/src/org/openstreetmap/josm/gui/preferences/server/AuthenticationPreferencesPanel.java

trunk/src/org/openstreetmap/josm/gui/preferences/server/OAuthAuthenticationPreferencesPanel.java

trunk/src/org/openstreetmap/josm/io/MessageNotifier.java

trunk/src/org/openstreetmap/josm/io/OsmApi.java

trunk/src/org/openstreetmap/josm/io/OsmConnection.java

trunk/src/org/openstreetmap/josm/io/auth/CredentialsAgent.java

trunk/src/org/openstreetmap/josm/io/auth/CredentialsManager.java

trunk/src/org/openstreetmap/josm/io/auth/JosmPreferencesCredentialAgent.java

trunk/src/org/openstreetmap/josm/tools/ExceptionUtil.java

trunk/test/unit/org/openstreetmap/josm/TestUtils.java

trunk/test/unit/org/openstreetmap/josm/data/oauth/OAuth20AuthorizationTest.java

trunk/test/unit/org/openstreetmap/josm/data/oauth/OAuthParametersTest.java

trunk/test/unit/org/openstreetmap/josm/gui/io/DownloadOpenChangesetsTaskTest.java

trunk/test/unit/org/openstreetmap/josm/gui/oauth/FullyAutomaticAuthorizationUITest.java

trunk/test/unit/org/openstreetmap/josm/gui/oauth/ManualAuthorizationUITest.java

trunk/test/unit/org/openstreetmap/josm/gui/preferences/server/OAuthAuthenticationPreferencesPanelTest.java

trunk/test/unit/org/openstreetmap/josm/io/auth/CredentialsAgentTest.java

trunk/test/unit/org/openstreetmap/josm/testutils/annotations/BasicPreferences.java

trunk/test/unit/org/openstreetmap/josm/testutils/annotations/TestUser.java

Download in other formats: