OpenStreetMap Logo OpenStreetMap

Blog von Zverik

Moving Python scripts to OAuth2

Verfasst von Zverik am 14. Oktober 2023 in English

Spent today writing a new Python library. Super useful if you are making command-line OSM processing scripts:

https://github.com/Zverik/cli-oauth2

With it you add OAuth2 authentication in just one line of code (well, 3-4 after PEP8).

auth = OpenStreetMapAuth(
    client_id, client_secret, ['read_prefs', 'write_api']
).auth_server(token_test=lambda s: s.get('user/details'))

user_name = auth.get('user/details.json').json()['user']['display_name']

This line starts a local web server, opens OSM OAuth page, catches the redirect, stores the token on disk, and returns a requests session that also prepends the API endpoint to its parameter.

Not very secure — but it doesn’t need to be. One drawback is when publishing sources to github, you would need to publish your client credentials as well. Or just read then from a config file, idk.

Already updated my Simple Revert and OSM to Sandbox scripts to use it. Hope it helps!

E-Mail-Symbol Bluesky-Symbol Facebook-Symbol LinkedIn-Symbol Mastodon-Symbol Telegramm-Symbol X-Symbol

Diskussion

Kommentar von kwiatek_123 am 15. Oktober 2023 um 10:49 Uhr

Is it a good idea to use this in a library that can be used in other python tools? Can you say more about saving credintials in the configuration file?

Kommentar von Zverik am 15. Oktober 2023 um 11:42 Uhr

Of course, should be fine. It stores a user token to $HOME/.config/PythonCliAuth/tokens.json on Linux, or an equivalent on other systems. Dictinary hashes are provider id (“openstreetmap”) + oauth client id for the app. So as long as you make library users provide you with a client id, you’ll be fine.

Kommentar von fititnt am 20. Oktober 2023 um 06:34 Uhr

Have things kind of thing already done is helpful, in special if the same programming language the dev like me would likely to do cli tools.

(All my tools still read-only and, if any, they export files to be used with OSM editors)

Kommentar von fititnt am 20. Oktober 2023 um 06:38 Uhr

By the way, looking at the https://github.com/Zverik/cli-oauth2/blob/main/src/oauthcli/providers.py is clear there’s some providers.

Did you know if OpenStreetMap Wiki (mediawiki) and Wikidata (the mediawiki/wikibase) have Oauth2? If yes, maybe consider implementing it.

Kommentar von Zverik am 20. Oktober 2023 um 06:48 Uhr

For the wiki, you should use tokens it provides: osm.wiki/Special:ApiSandbox#action=query&format=json&meta=tokens&type=login

I believe it’s the same for wikidata, since it also uses MediaWiki (I guess?)

Anmelden, um einen Kommentar zu schreiben