#13872 closed enhancement (fixed)
Optionally allow OAuth signing of all API requests
Reported by: | Owned by: | team | |
---|---|---|---|
Priority: | normal | Milestone: | 16.10 |
Component: | Core | Version: | |
Keywords: | oauth bandwidth limit | Cc: |
Description
One frequent complaint when large mapping parties are held behind NAT firewalls is that API requests begin to fail with "509 Bandwith Limit Exceeded" messages. This is due to the OSM API rate-limiting on the basis of the user's IP address, which may be shared with many other users.
A method was recently committed and deployed to the API which means that OAuth signed requests will count towards a per-user rate limit rather than a per-IP one. This should mostly solve the problem that users behind NAT firewalls have experienced. While it is not necessary to use OAuth to sign read-only requests, such as map API calls, doing so will cause the user to be judged on their own traffic alone.
iD has added support recently, for full details please see: https://github.com/openstreetmap/iD/pull/3519
For background about the problem, please see: https://github.com/openstreetmap/operations/issues/36
Attachments (0)
Change History (8)
comment:1 by , 8 years ago
comment:2 by , 8 years ago
Maybe such a patch is sufficient:
-
src/org/openstreetmap/josm/io/OsmServerReader.java
28 28 */ 29 29 public abstract class OsmServerReader extends OsmConnection { 30 30 private final OsmApi api = OsmApi.getOsmApi(); 31 private boolean doAuthenticate ;31 private boolean doAuthenticate = "oauth".equals(OsmApi.getAuthMethod()); 32 32 protected boolean gpxParsedProperly; 33 33 34 34 /**
comment:3 by , 8 years ago
Keywords: | bandwidth limit added |
---|---|
Milestone: | → 16.10 |
comment:5 by , 8 years ago
Resolution: | fixed |
---|---|
Status: | closed → reopened |
Use new preference directory and download data -> The OAuth dialog will pop up and request username and password.
It should just download the data and only authenticate the request when OAuth is already configured.
comment:7 by , 8 years ago
Thanks! That was very quick.
I've just tested this and it seems to be having the intended effect server-side; map downloads were assigned to my user ID rather than my IP address.
Trying to explain this better. What I meant was: