OpenID is a way to simplify login to various websites by only needing a single password (an OpenID). As such, I think it could have benefits if OpenStreetMap supported OpenID as a relying party for at least two reasons. For one (the main advantage to openID), you don’t need to memorize yet another password for using OSM, which might help particularly infrequent users of OSM. Secondly, you don’t need to trust OSM with your password, a thing that might be particularly relevant due to the fact that OSM currently doesn’t support https for logins and thus passwords might not be as secure as they could be.

To get a feeling for what would be involved to enable OpenID on the main site, I have put together some patches and created a branch in SVN with a test environment on the dev server It would be great if people could give it a quick try to see if it works or breaks for them with the various different OpenID providers and browsers. General comments on the way it is done would also be welcome.

Currently, what is implemented is basically a replacement / addition for the standard password. So you will still need a normal OSM account, including a username and a validated email address. In addition, you can associate the account with your OpenID and use this to log into your account.

As OpenStreetMap consists of several additional services and clients (e.g. Merkator, the wiki, trac or the forum) the current implementation OpenID also has its issues, as it only covers the main Site. Potlatch is fine, as this runs on the main site. JOSM would also be fine, as you can authenticate via OAuth and thus don’t need a username and password to authenticate. However, for the other services, I don’t yet know a solution other than still requiring a password if wanting to use these.

So I am currently mainly looking for two things. Does it actually work for everyone? And is it understandable of how to use it and does it make things easier?


P.S. The test instances on the dev server are completely separate from the main database. You will therefore need to register a new account if you want to try it and there is no street data in its database yet unless you put some in. Any data you do put in will be limited to that test instance and thus does not have to be real data.

too late guy,

just finished josm with oauth.

I don’t quite understand your comment. Can you elaborate?

Yes, it is great that josm now has OAuth, as that means it doesn’t need a password to talk to the main api, which means you can use OpenID on the main site without needing a password at all. I hope that others, like Merkaartor will follow and also support OAuth. Without OAuth, OpenID makes much less sense. So what do you mean by too late?

sorry, just a misunderstanding of mine.