On replacing Basic Auth with OAuth 2.0

Since I can’t properly react, please join me in my living room for some popcorn while I pontificate in long-form prose. But don’t read the EXIF data off the image file and show up at my doorstep. That would just be weird.

Before I go on, I just want to clarify that you’re about to read the words of a complete moron who definitely qualifies as an unqualified developer. At least, as far as web authentication goes. My intelligence on other topics remains up for debate.

I’ve actually had to implement OAuth2 once, when I built StreetFerret, which authenticates with Strava. I stumbled through writing the code, and then once I got it working, promptly forgot how it worked and prayed that I’d never have to touch the code. So, I’m well-acquainted with being too dumb to implement OAuth2.

I actually think that even Basic Auth is too complicated for new and inexperienced developers.

Yikes! Even more gobbledygook! I actually had to implement refresh tokens also for StreetFerret, and bear in mind that this was back in the days when you had to write shoddy code yourself rather than having AI chatbots do it for you.

This is also my approach to software development. But once in a while the chatbot gets the code right.

:popcorn: :popcorn: :popcorn:

Thrown shade right there, but maybe you’re onto something?

Total oversight, and I’ve got the solution.

I agree with @NorthCrab that we should eliminate OAuth2 for easier scripting, and I agree with @pnorman that we should eliminate OAuth 1.0 and Basic Auth. And, I agree with @02JanDal that we should reinvent the wheel, which we are so good at as noted.

I propose SIMPLE web authentication, which stands for Super Insecure, Moron-Proof Login Experience.

The way it works is very simple: you just add your username and password into the querystring of any authenticated request you want to make to openstreetmap.org.

For example, a login request might look like this:

https://www.openstreetmap.org/login?username=ZeLonewolf&password=PopcornLover69

So simple, even a moron could figure out how to curl some sweet, sweet API write requests. It’s also perfectly secure since we’re using HTTPS. To be really user-friendly though, we should consider implementing this functionality on plain-old HTTP as well.

I stand with @NorthCrab in protesting the needless complexity of modern, secure authentication protocols and yearn for a simpler time when passwords were just the names of our pets, and the most advanced hacking tool was a sticky note left under a keyboard[1].

Hear hear!

Pass the :popcorn:.

I expect a long-form response to my very serious proposal.


[1] Pretty solid punchline for an AI chatbot, I think.
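Added example, not part of the post above and not code from openstreetmap.org: the reason a query-string login like the one proposed is not rescued by HTTPS is that TLS only protects the URL in transit. The server's own access log records the full request line, so the password lands on disk in clear text, and anything that downstream reads those logs sees it too. The snippet below shows the defender's side of that: a scanner that flags credential-bearing parameters in access-log request lines and a redactor that masks them before the lines are stored or shipped. The sensitive-key list, the regex for the request line and the three log lines are constructed for the example.

```python
"""Detect and redact credentials that arrive in URL query strings.

Added illustration for the thread above; parameter names and sample
access-log lines are constructed, not taken from any real server.
"""
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Query-string keys that should never carry a secret (constructed list;
# extend it to match the parameter names your own application uses).
SENSITIVE_KEYS = {"password", "passwd", "pwd", "pass", "token",
                  "access_token", "secret", "api_key", "apikey"}

# Common Log Format request line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

# Constructed sample access-log lines (the first reuses the post's own scheme).
LOG_LINES = [
    '203.0.113.7 - - [01/Apr/2024:12:00:01 +0000] '
    '"GET /login?username=alice&password=hunter2 HTTP/1.1" 200 512',
    '203.0.113.8 - - [01/Apr/2024:12:00:02 +0000] '
    '"GET /api/0.6/user/details HTTP/1.1" 401 0',
    '203.0.113.9 - - [01/Apr/2024:12:00:03 +0000] '
    '"POST /api/0.6/changeset/create?access_token=abc123 HTTP/1.1" 200 17',
]


def find_credentials(url: str) -> list[str]:
    """Return the sorted sensitive parameter names present in a URL or request target."""
    query = urlsplit(url).query  # works for full URLs and for path-only targets
    return sorted({k for k, _ in parse_qsl(query, keep_blank_values=True)
                   if k.lower() in SENSITIVE_KEYS})


def redact_url(url: str, mask: str = "[REDACTED]") -> str:
    """Replace the values of sensitive parameters so the URL is safe to log."""
    parts = urlsplit(url)
    pairs = [(k, mask if k.lower() in SENSITIVE_KEYS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    # safe="[]" keeps the mask readable instead of percent-encoding the brackets
    return urlunsplit(parts._replace(query=urlencode(pairs, safe="[]")))


def scan_access_log(lines: list[str]) -> list[tuple[int, list[str]]]:
    """Return (1-based line number, leaked keys) for each request line carrying credentials."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue  # malformed or non-CLF line; nothing to inspect
        keys = find_credentials(m.group("target"))
        if keys:
            hits.append((n, keys))
    return hits


def redact_access_log(lines: list[str]) -> list[str]:
    """Rewrite each request line with sensitive query values masked; other text is untouched."""
    def _sub(m: re.Match) -> str:
        return f'"{m.group("method")} {redact_url(m.group("target"))} {m.group("proto")}"'
    return [REQUEST_RE.sub(_sub, line) for line in lines]


if __name__ == "__main__":
    for n, keys in scan_access_log(LOG_LINES):
        print(f"line {n}: credentials in query string -> {', '.join(keys)}")
    for line in redact_access_log(LOG_LINES):
        print(line)
```

Run stand-alone, it reports lines 1 and 3 and prints all three lines with the secret values masked. The same pair of functions can sit in a log-shipping pipeline as a last line of defence, but the actual fix is the one the thread is mocking: carry credentials in an `Authorization` header or a POST body, which the request line in the access log never records.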