Skip to content

Instantly share code, notes, and snippets.

@mmd-osm

mmd-osm/oauth2.sh Secret

Created January 23, 2024 18:50
Show Gist options
  • Save mmd-osm/b61956bb4b92e9b37488189379b380c9 to your computer and use it in GitHub Desktop.
Save mmd-osm/b61956bb4b92e9b37488189379b380c9 to your computer and use it in GitHub Desktop.
Download ZIP
OAuth2 example as shell script
Raw
oauth2.sh
#!/bin/bash
# Register your own app under /oauth2/applications, use "urn:ietf:wg:oauth:2.0:oob" as redirect URL
CLIENT_ID="f4K_7SUtJluo94xj3hnN7NJ-U5ZtoOo87mpxuNKIxWs"
CLIENT_SECRET="pgnjYXX0jfSotaPavMswIhgEV3NQAQB1k8JqOd3y3bU"
DOMAIN="https://master.apis.dev.openstreetmap.org"
AUTHORIZATION_ENDPOINT=$(curl --silent $DOMAIN/.well-known/oauth-authorization-server | jq --raw-output '.authorization_endpoint')
TOKEN_ENDPOINT=$(curl --silent $DOMAIN/.well-known/oauth-authorization-server | jq --raw-output '.token_endpoint')
echo "Navigate to the following URL in your browser: " "$AUTHORIZATION_ENDPOINT?response_type=code&client_id=$CLIENT_ID&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob&scope=read_prefs"
read -p "Authorize the request on osm.org, then copy and paste the Authorization code: " CODE
ACCESS_TOKEN=$(curl --silent -X POST -d "grant_type=authorization_code&client_id=$CLIENT_ID&client_secret=$CLIENT_SECRET&code=$CODE&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob" "$TOKEN_ENDPOINT" | jq --raw-output '.access_token')
echo "Token: $ACCESS_TOKEN"
echo "Let's try to call some API endpoint:"
curl --silent -H "Authorization: Bearer $ACCESS_TOKEN" $DOMAIN/api/0.6/user/details.json
@mmd-osm
Copy link
Author

mmd-osm commented Jan 23, 2024
edited
Loading

A bit more context what this is good for: https://www.openstreetmap.org/user/pnorman/diary/401157#comment56495

Line 9 includes the relevant scopes: "scope=read_prefs" - be sure to double check what scopes are needed for your use case and adjust that line as needed.

Script uses some ideas from https://pydio.com/en/docs/developer-guide/using-curl

@pnorman
Copy link

pnorman commented Jan 23, 2024

Could the curl --oauth2-bearer option be used here?

@mmd-osm
Copy link
Author

mmd-osm commented Jan 24, 2024

Yes, that's probably an option for line 14, although I haven't tested it. I tried to avoid parameters that people might not be familiar with, to make it a bit more explicit what is going on in each step.

By the way, lines 7 + 8 could be hardcoded as well, without going through the discovery based on .well-known/oauth-authorization-server. Since we're supporting RFC 8414, and the curl script from pydio already included it, I simply adjusted it to make it work on osm.org.

@DaveF63
Copy link

DaveF63 commented Jul 31, 2024

Is uploading a GPX using Curl classed as "your own app"?
I'm using AutoHotKey script to perform the procedure, but perplexed as what I need to amend to complete it.

curl -u UName:PWord -H Expect: -F "file=@ %NewFileName%" -F description=%Description% -F tags=%Description% -F visibility=identifiable https://www.openstreetmap.org/api/0.6/gpx/create

@mmd-osm
Copy link
Author

mmd-osm commented Jul 31, 2024

@DaveF63 : Yes, you need to register a new app to upload GPX traces:

image

  • Copy client secret + id that are shown after hitting "Register" and copy them into lines 4 + 5 above.
  • Change the endpoint in line 6 to https://www.openstreetmap.org
  • You can comment out line 14, then run the script once. It will display an access token. You only need to fetch this token once.
  • In your curl one liner, replace -u UName:PWord by -H "Authorization: Bearer $ACCESS_TOKEN" where access token is the same access token as returned by the previous step.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment