OpenStreetMap 标志 OpenStreetMap

Zverik的日记

Moving Python scripts to OAuth2

Zverik 于 2023年十月14日 以 English 发布

Spent today writing a new Python library. Super useful if you are making command-line OSM processing scripts:

https://github.com/Zverik/cli-oauth2

With it you add OAuth2 authentication in just one line of code (well, 3-4 after PEP8).

auth = OpenStreetMapAuth(
    client_id, client_secret, ['read_prefs', 'write_api']
).auth_server(token_test=lambda s: s.get('user/details'))

user_name = auth.get('user/details.json').json()['user']['display_name']

This line starts a local web server, opens OSM OAuth page, catches the redirect, stores the token on disk, and returns a requests session that also prepends the API endpoint to its parameter.

Not very secure — but it doesn’t need to be. One drawback is when publishing sources to github, you would need to publish your client credentials as well. Or just read then from a config file, idk.

Already updated my Simple Revert and OSM to Sandbox scripts to use it. Hope it helps!

电子邮件图标 Bluesky图标 Facebook图标 LinkedIn图标 Mastodon图标 Telegram图标 X图标

讨论

kwiatek_1232023年10月15日 10:49 的评论

Is it a good idea to use this in a library that can be used in other python tools? Can you say more about saving credintials in the configuration file?

Zverik2023年10月15日 11:42 的评论

Of course, should be fine. It stores a user token to $HOME/.config/PythonCliAuth/tokens.json on Linux, or an equivalent on other systems. Dictinary hashes are provider id (“openstreetmap”) + oauth client id for the app. So as long as you make library users provide you with a client id, you’ll be fine.

fititnt2023年10月20日 06:34 的评论

Have things kind of thing already done is helpful, in special if the same programming language the dev like me would likely to do cli tools.

(All my tools still read-only and, if any, they export files to be used with OSM editors)

fititnt2023年10月20日 06:38 的评论

By the way, looking at the https://github.com/Zverik/cli-oauth2/blob/main/src/oauthcli/providers.py is clear there’s some providers.

Did you know if OpenStreetMap Wiki (mediawiki) and Wikidata (the mediawiki/wikibase) have Oauth2? If yes, maybe consider implementing it.

Zverik2023年10月20日 06:48 的评论

For the wiki, you should use tokens it provides: osm.wiki/Special:ApiSandbox#action=query&format=json&meta=tokens&type=login

I believe it’s the same for wikidata, since it also uses MediaWiki (I guess?)

登录以留下评论