Update OSM Server preference page

[skyper]

OSM Server preferences needs some updates:

• OAuth1 is outdated and can be removed
  • Some screenshots need updates
• OAuth2 needs some better wording as the seems to be some confusion about "Remote Control", see ​https://community.openstreetmap.org/t/113078
  • As I understand it, OAuth2 uses "Remote Control" under the hood which can lead to problems if there is already another instance of JOSM with enabled "Remote Control" running but you definitely do not have to enable "Remote Control" to get a token.

Besides that, what should we do with Help/Dialog/OAuthAuthorisationWizard. Is it still useful or should the whole page be deleted?

[taylor.smock]

Anything mentioning Fully automatic authorization can be removed.

I don't know how to better word the bit on remote control. I'll give a rundown on what happens so that maybe someone can come up with better wording.

Fetching the Authorization Token:

1. Open browser to OSM OAuth page and start Remote Control server
2. OSM redirects to http://127.0.0.1:8111/oauth_authorization after user logs in and authorizes the request
3. The JOSM Remote Control server takes the information from the redirect in step (2) and finishes the authorization flow
4. JOSM stops the remote control server if it was not originally running

Using the Authorization Token:

1. Attach the token to the HTTP request using Authorization: OAuth ${token} as a header.

Remote Control is not required for using the authorization token. It is only required to fetch the token during the initial OAuth authorization flow.

The reason why I indicated that it uses remote control is that some users may have other JOSM instances running with remote control started, which would prevent the current instance from authenticating. I was trying to give some troubleshooting steps.

[stoecker]

Besides that, what should we do with Help/Dialog/OAuthAuthorisationWizard. Is it still useful or should the whole page be deleted?

It's still referenced.

org/openstreetmap/josm/gui/oauth/TestAccessTokenTask.java:                HelpUtil.ht("/Dialog/OAuthAuthorisationWizard#AccessTokenOK")
org/openstreetmap/josm/gui/oauth/TestAccessTokenTask.java:                HelpUtil.ht("/Dialog/OAuthAuthorisationWizard#AccessTokenFailed")
org/openstreetmap/josm/gui/oauth/TestAccessTokenTask.java:                HelpUtil.ht("/Dialog/OAuthAuthorisationWizard#AccessTokenFailed")
org/openstreetmap/josm/gui/oauth/TestAccessTokenTask.java:                HelpUtil.ht("/Dialog/OAuthAuthorisationWizard#AccessTokenFailed")
org/openstreetmap/josm/gui/oauth/TestAccessTokenTask.java:                HelpUtil.ht("/Dialog/OAuthAuthorisationWizard#AccessTokenFailed")
org/openstreetmap/josm/gui/oauth/TestAccessTokenTask.java:                HelpUtil.ht("/Dialog/OAuthAuthorisationWizard#AccessTokenFailed")
org/openstreetmap/josm/gui/oauth/OAuthAuthorizationWizard.java:        pnl.add(new JButton(new ContextSensitiveHelpAction(HelpUtil.ht("/Dialog/OAuthAuthorisationWizard"))));
org/openstreetmap/josm/gui/oauth/OAuthAuthorizationWizard.java:        HelpUtil.setHelpContext(getRootPane(), HelpUtil.ht("/Dialog/OAuthAuthorisationWizard"));
org/openstreetmap/josm/gui/oauth/FullyAutomaticAuthorizationUI.java:                    HelpUtil.ht("/Dialog/OAuthAuthorisationWizard#FullyAutomaticProcessFailed")
org/openstreetmap/josm/gui/oauth/FullyAutomaticAuthorizationUI.java:                    HelpUtil.ht("/Dialog/OAuthAuthorisationWizard#FullyAutomaticProcessFailed")
org/openstreetmap/josm/gui/oauth/AdvancedOAuthPropertiesPanel.java:                HelpUtil.ht("/Dialog/OAuthAuthorisationWizard")
org/openstreetmap/josm/gui/preferences/server/OAuthAuthenticationPreferencesPanel.java:     * Launches the OAuthAuthorisationWizard to generate a new Access Token

Also deleting a page kills the whole history. Better is to fill it with updated information ;-)

[skyper]

Ok, I have added a sentence to the description of the use of remote control and did some cosmetic work on the OSM Server page. I did not remove the section about OAuth1a but I think it should be removed. Any objections?

The problem with Help/Dialog/OAuthAuthorisationWizard is that it is mostly about OAuth1a. The wizard dialogs do not exist anymore and even the part about "Advanced OAuth parameters" is only about OAuth1a and does not fit with OAuth2. I think these advanced parameters can easily be added to Help/Preferences/Connection. Either the whole "wizard" page needs a major rework or we could mark it as outdated instead of deleting it.
So far, with current josm-latest, I only found one occasion where the context sensitive help links to the page. It is the message dialog when testing the OAuth2 token and the page does not give any help in this case.

[taylor.smock]

Replying to skyper:

[...] I did not remove the section about OAuth1a but I think it should be removed. Any objections?

Not from me. I don't think we will ever be bringing OAuth 1 back.

The problem with Help/Dialog/OAuthAuthorisationWizard is that it is mostly about OAuth1a. The wizard dialogs do not exist anymore and even the part about "Advanced OAuth parameters" is only about OAuth1a and does not fit with OAuth2. I think these advanced parameters can easily be added to Help/Preferences/Connection. Either the whole "wizard" page needs a major rework or we could mark it as outdated instead of deleting it.

I've done a bit of work to readd advanced parameters, so I think outdated is better than deletion for that.