OpenStreetMap OAuth 2

OpenStreetMap supports the OAuth 2.0 protocol. It supports two types of OAuth 2.0 flows:

1. Authorization code with Proof Key for Code Exchange (PKCE)

2. Authorization code

Configuration

• Login to your account

• Register your application as OAuth 2 application on the My Client Applications page

  • Set the redirect URIs to https://example.com/complete/openstreetmap-oauth2/

  • PKCE can be enabled/disabled using the “Confidential application?” flag.

  • Select all required Permissions.

  • Scopes names are shown next to each permission after saving.

• Fill Client ID in SOCIAL_AUTH_OPENSTREETMAP_OAUTH2_KEY and Client Secret in SOCIAL_AUTH_OPENSTREETMAP_OAUTH2_SECRET

  SOCIAL_AUTH_OPENSTREETMAP_OAUTH2_KEY = ‘…’ SOCIAL_AUTH_OPENSTREETMAP_OAUTH2_SECRET = ‘…’

  Note: Client Secret isn’t required for PKCE.

• Enable the backend:

  SOCIAL_AUTH_AUTHENTICATION_BACKENDS = (
    ...
   'social_core.backends.openstreetmap_oauth2.OpenStreetMapOAuth2',
   ...
  )
  

Access tokens currently do not expire automatically.

More documentation at OpenStreetMap Wiki:

Extra Configuration

• You can specify the scopes that your application requires:

  SOCIAL_AUTH_OPENSTREETMAP_OAUTH2_SCOPE  = [ 'read_prefs' ]
  

• You can choose to disable PKCE:

  SOCIAL_AUTH_OPENSTREETMAP_OAUTH2_USE_PKCE = False
  

  By default, True is set.