New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Authenticate OSM API calls #3519

merged 5 commits into from Oct 24, 2016


None yet
2 participants

bhousel commented Oct 24, 2016

This attempts to make authenticated calls to the OSM API if the user is logged in.
(see #2262 (comment))

I'm still having some trouble with the map call. The server is not too happy with my attempt to send OAuth headers. Any ideas @zerebubuth ?

Full headers for a typical map call look like this:

Request URL:,40.66397287638667,-74.53124999999982,40.66813955408022
Request Method:GET
Status Code:401 Internal Server Error
Remote Address:
Response Headers
HTTP/1.1 401 Internal Server Error
Date: Mon, 24 Oct 2016 05:20:02 GMT
Server: Apache/2.4.18 (Ubuntu)
Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: http://localhost:8080
Access-Control-Max-Age: 1728000
Error: Unauthorized OAuth request.
Cache-Control: no-cache
Content-Length: 0
Content-Type: text/html; charset=utf-8
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Request Headers
GET /api/0.6/map?bbox=-74.53674316406232,40.66397287638667,-74.53124999999982,40.66813955408022 HTTP/1.1
Connection: keep-alive
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.71 Safari/537.36
Origin: http://localhost:8080
Authorization: OAuth oauth_consumer_key="xxxxxxxxxxx", oauth_nonce="SL9Dpd", oauth_signature="xxxxxxxxxxx", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1477286402", oauth_token="xxxxxxxxxxx"
Content-Type: application/x-www-form-urlencoded
Accept: */*
DNT: 1
Referer: http://localhost:8080/
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en,en-US;q=0.8
Query String Parameters

This comment has been minimized.

zerebubuth commented Oct 24, 2016

@bhousel thanks for this, you're great!

I've just pushed a new version of cgimap which gives more info about why a request was unauthorized. Hopefully that will help a little bit. I've also tried out this branch locally to try and repro, but I'm afraid I can't figure out how to make the local instance of iD log in. Is there something I can do to force it to fetch a token?


This comment has been minimized.


bhousel commented Oct 24, 2016

Is there something I can do to force it to fetch a token?

Discussed in chat already, in case anyone finds this later and wants to know the answer: To force authentication, run iD.Connection.authenticate() in the console. (Or just try to save something).

Thanks again, this is working now, merging..

@bhousel bhousel merged commit 8785cbc into master Oct 24, 2016

2 checks passed

continuous-integration/travis-ci/pr The Travis CI build passed
continuous-integration/travis-ci/push The Travis CI build passed

@bhousel bhousel deleted the auth-api-calls branch Oct 24, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment