mnalis left a comment (openstreetmap/openstreetmap-website#5490)
> You don't enter username/password during an Oauth2 flow. You enter them
> before that if you're not actually logged in because the authorization page
> redirects you to the login page in this case.
Well, that's what I meant. When I'm redirected to some page (like
`https://www.openstreetmap.org/login?referer=%2Foauth2%2Fauthorize...`) I
consider that page ***too*** part of the Oauth2 flow (as evidented by string
_"oauth2"_ inside that referer, indicating it was Oauth2 which sent me there).
But if you prefer different terminology for URLs which are called by
`www.openstreetmap.org/oauth2/*` but are not inside that same "directory" (i.e.
URL prefix), I'll be happy to oblige.
> There's ony one somewhere where you enter username/password - the login page,
> if we ignore apps with very questionable login practices like Organic maps.
well, I am not the one to call it questionable or not. 🤷 If those are
unwanted, we could perhaps employ countermeasures to disallow them? (or at
least open issues at their issue trackers to explain why we don't want those,
and what are the acceptable alternatives?)
---
Anyway, if I've (hopefully) managed to clarify the ambiguity in terminology
used; what do you think of
https://github.com/openstreetmap/openstreetmap-website/issues/5490#issuecomment-2602015806
?
To me the advantages would be that the users become aware of the blocks more
often then they do now; are there disadvantages that would outweigh those?
--
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/issues/5490#issuecomment-2815414414
You are receiving this because you are subscribed to this thread.
Message ID:
<openstreetmap/openstreetmap-website/issues/5490/2815414...@github.com>
_______________________________________________
rails-dev mailing list
rails-dev@openstreetmap.org
https://lists.openstreetmap.org/listinfo/rails-dev
