Changeset 18991 in josm for trunk/ivy.xml


Ignore:
Timestamp:
2024-02-21T21:26:18+01:00 (3 months ago)
Author:
taylor.smock
Message:

Fix #22810: OSM OAuth 1.0a/Basic auth deprecation and removal

As of 2024-02-15, something changed in the OSM server configuration. This broke
our OAuth 1.0a implementation (see #23475). As such, we are removing OAuth 1.0a
from JOSM now instead of when the OSM server removes support in June 2024.

For third-party OpenStreetMap servers, the Basic Authentication method has been
kept. However, they should be made aware that it may be removed if a non-trivial
bug occurs with it. We highly recommend that the third-party servers update to
the current OpenStreetMap website implementation (if only for their own security).

Failing that, the third-party server can implement RFC8414. As of this commit,
we currently use the authorization_endpoint and token_endpoint fields.
To check and see if their third-party server implements RFC8414, they can go
to <server host>/.well-known/oauth-authorization-server.

Prominent third-party OpenStreetMap servers may give us a client id for their
specific server. That client id may be added to the hard-coded client id list
at maintainer discretion. At a minimum, the server must be publicly
available and have a significant user base.

File:
1 edited

Legend:

Unmodified
Added
Removed

  • trunk/ivy.xml

    r18979 r18991  
    3838        <dependency conf="api->default" org="com.formdev" name="svgSalamander" rev="1.1.4"/>
    3939        <dependency conf="api->default" org="ch.poole" name="OpeningHoursParser" rev="0.28.1"/>
    40         <dependency conf="api->default" org="oauth.signpost" name="signpost-core" rev="2.1.1"/>
    4140        <!-- Don't forget to update org.openstreetmap.josm.tools.Tag2Link#PREF_SOURCE -->
    4241        <dependency conf="api->default" org="org.webjars.npm" name="tag2link" rev="2024.2.8"/>
     
    5756        <dependency conf="sources->sources" org="com.formdev" name="svgSalamander" rev="1.1.4"/>
    5857        <dependency conf="sources->sources" org="ch.poole" name="OpeningHoursParser" rev="0.28.1"/>
    59         <dependency conf="sources->sources" org="oauth.signpost" name="signpost-core" rev="2.1.1"/>
    6058        <dependency conf="sources->default" org="org.webjars.npm" name="tag2link" rev="2024.2.8"/><!-- sources->default sic! (tag2link-sources.jar is empty, see #19335) -->
    6159        <!-- commonslang->default -->
Note: See TracChangeset for help on using the changeset viewer.