You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Mar 7, 2025. It is now read-only.
elemoine edited this page Oct 6, 2014
·
13 revisions
Work In Progress!
API Authentication
This page describes the authentication mechanism for the HTTP API.
Users of the Tasking Manager web interface "log into" the application using their OSM credentials. OSM's Oauth system is used. Tasking Manager uses that system to retrieve the user's id and display_name.
What is important to note and is that Tasking Manager doesn't have its own authentication system. In particular Tasking Manager doesn't have user passwords in its database.
Token-based HTTP Basic
One way to solve the problem involves using HTTP Basic with tokens.
Roles:
TM = Tasking Manager Application
TM Admin = the person who administrates TM
App = the web application based on the TM API
App Admin = the person who administrates App
Workflow:
App Admin creates an OSM user for App
App Admin logs into TM using that OSM user
App Admin goes to /osmtm/token to get a token
App Admin configures App to use OSM user + token as HTTP Basic credentials