Modify

Opened 13 years ago

Closed 12 years ago

Last modified 12 years ago

#7183 closed defect (worksforme)

HTTP 302 response to OAuth full-auto authentication ?

Reported by: Don-vip Owned by: team
Priority: major Milestone:
Component: Core Version: latest
Keywords: OAuth, http, 302 Cc:

Description (last modified by Don-vip)

I'm getting some trouble to configure OAuth on the work notebook I've taken home for holidays :)

I don't know if this comes from this machine, if the OSM server is crazy or if it is a recent JOSM regression, but the OAuth authentication does not work with JOSM 4707. The error comes with this exception on the standard output:

org.openstreetmap.josm.gui.oauth.OsmOAuthAuthorizationException: L’autorisation de la requête OAuth '...' a échoué
	at org.openstreetmap.josm.gui.oauth.OsmOAuthAuthorizationClient.sendAuthorisationRequest(OsmOAuthAuthorizationClient.java:432)
	at org.openstreetmap.josm.gui.oauth.OsmOAuthAuthorizationClient.authorise(OsmOAuthAuthorizationClient.java:494)
	at org.openstreetmap.josm.gui.oauth.FullyAutomaticAuthorizationUI$FullyAutomaticAuthorisationTask.realRun(FullyAutomaticAuthorizationUI.java:533)
	at org.openstreetmap.josm.gui.PleaseWaitRunnable.doRealRun(PleaseWaitRunnable.java:79)
	at org.openstreetmap.josm.gui.PleaseWaitRunnable.run(PleaseWaitRunnable.java:125)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
	at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
	at java.util.concurrent.FutureTask.run(FutureTask.java:138)
	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
	at java.lang.Thread.run(Thread.java:662)

I've checked in debug mode: JOSM receives a HTTP 302 response (redirect) from the OSM server instead of an expected HTTP 200 (OK).

I've never seen that before, am I the only one with this behavior ?

Attachments (0)

Change History (14)

comment:1 by Don-vip, 13 years ago

Description: modified (diff)

comment:2 by stoecker, 13 years ago

I changed the password handling a bit lately, but this should not have affected OAuth. But maybe login for fully automatic OAuth is affected, as this does not go to OSM-API.

comment:3 by bastiK, 13 years ago

For basic auth fix see, #7086. You could try earlier versions.

comment:4 by Don-vip, 13 years ago

I've cleared my preferences and tried with JOSM 4667, same result.
I wonder if it is related to my corporate environment, have to look further into this.

comment:5 by Don-vip, 13 years ago

The exact HTTP response I always have to the POST request to http://www.openstreetmap.org/oauth/authorize is the following:

Response code: 302
null: [HTTP/1.1 302 Found]
X-Runtime: [0.854605]
Content-Language: [en]
Content-Length: [129]
X-UA-Compatible: [IE=Edge,chrome=1]
Location: [http://www.openstreetmap.org/login?referer=%2Foauth%2Fauthorize]
Set-Cookie: [_osm_session=...; path=/; HttpOnly]
Connection: [Keep-Alive]
Server: [Apache/2.2.14 (Ubuntu)]
X-Powered-By: [Phusion Passenger (mod_rails/mod_rack) 3.0.11]
Cache-Control: [no-cache]
Status: [302]
Date: [Sun, 25 Dec 2011 21:55:54 GMT]
Vary: [Accept-Language,Accept-Encoding]
Keep-Alive: [timeout=15, max=100]
Content-Type: [text/html; charset=utf-8]

EDIT: I have the same 302 response with a good password and a bad one, I really don't understand (and I've checked my password on OSM website to see if I'm not crazy :))

Last edited 13 years ago by Don-vip (previous) (diff)

comment:6 by Don-vip, 13 years ago

Description: modified (diff)
Summary: HTTP 302 response to OAuth authentification ?HTTP 302 response to OAuth full-auto authentication ?

Tested with semi-automatic method, works fine. OAuth is a bit cryptic for me, does anyone have any idea what happens when I try with full-automatic method ?

comment:7 by stoecker, 13 years ago

The Server-Interface changed at least. Previously it was http://www.openstreetmap.org/oauth/authorize, now it is http://www.openstreetmap.org/user/.../oauth_clients(/new). Very likely also the data to send has been modified a bit (simply replacing the url did not work in a test). Login seems to work, so only the registration step needs to be fixed.

See trunk/src/org/openstreetmap/josm/data/oauth/OAuthParameters.java, trunk/src/org/openstreetmap/josm/gui/oauth/OsmOAuthAuthorizationClient.java#L384 and trunk/src/org/openstreetmap/josm/gui/oauth/FullyAutomaticAuthorizationUI.java.

in reply to:  6 comment:8 by skyper, 13 years ago

Replying to Don-vip:

Tested with semi-automatic method, works fine.

Ping.

Sorry for not telling but I ran into same situation, 2 days ago. I was not sure if Full-Automatic had ever worked but indeed it did.

comment:9 by stoecker, 13 years ago

Resolution: fixed
Status: newclosed

In [4729/josm]:

fix #7183 - fully automatic OAuth not working

comment:10 by positron96, 12 years ago

Resolution: fixed
Status: closedreopened

comment:11 by positron96, 12 years ago

Confirm similar behaviour in build 5267.
When trying to enable fully-aumatic OAuth JOSM hangs and becomes fully unresponsive (killing the process is the only option).

Exception on console is:

org.openstreetmap.josm.gui.oauth.OsmOAuthAuthorizationException: OSM website did not return a session cookie in response to 'http://www.openstreetmap.org/oauth/authorize?oauth_token=<this data is probably private>', 
        at org.openstreetmap.josm.gui.oauth.OsmOAuthAuthorizationClient.fetchOAuthToken(OsmOAuthAuthorizationClient.java:358)
        at org.openstreetmap.josm.gui.oauth.OsmOAuthAuthorizationClient.sendAuthorisationRequest(OsmOAuthAuthorizationClient.java:450)
        at org.openstreetmap.josm.gui.oauth.OsmOAuthAuthorizationClient.authorise(OsmOAuthAuthorizationClient.java:561)
        at org.openstreetmap.josm.gui.oauth.FullyAutomaticAuthorizationUI$FullyAutomaticAuthorisationTask.realRun(FullyAutomaticAuthorizationUI.java:533)
        at org.openstreetmap.josm.gui.PleaseWaitRunnable.doRealRun(PleaseWaitRunnable.java:82)
        at org.openstreetmap.josm.gui.PleaseWaitRunnable.run(PleaseWaitRunnable.java:145)
        at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
        at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
        at java.util.concurrent.FutureTask.run(Unknown Source)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
        at java.lang.Thread.run(Unknown Source)

comment:12 by stoecker, 12 years ago

Resolution: worksforme
Status: reopenedclosed

Tested with recent JOSM. Works as expected.

comment:13 by positron96, 12 years ago

This does not mean that it's not a bug, it could mean that this bug is irregular and occasional. Or probably this bug is fixed in unstable versions. Did you use the same stable release?

in reply to:  13 comment:14 by stoecker, 12 years ago

Replying to positron96:

This does not mean that it's not a bug, it could mean that this bug is irregular and occasional.

This possibility always exists. We can't do anything against these until a bug is reproducible or at least understandable.

If we are good JOSM probably has a bug count of less than 2 bugs each 1000 lines of code (we have more than 250000 in core), which means hundreds of bugs. :-)

Or probably this bug is fixed in unstable versions. Did you use the same stable release?

As said I tested recent version, i.e. latest. There have been no changes regarding OAuth for a very long time.

Modify Ticket

Change Properties
Set your email in Preferences
Action
as closed The owner will remain team.
as The resolution will be set.
The resolution will be deleted. Next status will be 'reopened'.

Add Comment
E-mail address and name can be saved in the Preferences .
AttachmentsDescription
 
Note: See TracTickets for help on using tickets.