Use OSM credentials on third-party service

Hello all,

I am working on mapcraft with Hind, it’s a separate service on separate host, but we don’t want to have separate base of users/passwords. All our users are our contributors, so the obivious way is to use their main OSM credentials.

For now we implemented login via OAuth, it’s really cool, but it’s more for authorization, then authentication. Mapcraft uses OAuth only for login, and then the key can be safely deleted, but OSM remembers them. And this causes lists like this one for all our users.

I understand, this is wrong scenario. Normally there should be login/pass on one site, login/pass on another and oauth binding between them.

So the questions are following:

  • Are there other usefull authentification methods in OSM for this task?
  • Or may be there is a way to automatically delete useless enties in user’s OAuth settings?

I’ve found topic about OSM as OpenID provider: it would be a nice solution.

And wiki page about Single sign on: but looks like it’s more about OSM’s services then third-party.