Re: [openstreetmap/openstreetmap-website] Add OAuth Refresh token when `openid` scope is used (PR #5497)

I'm not, but my feeling is, sending `id_token` rather than `access_token` is a bit better since if Panoramax instance is compromised nothing is lost since `id_token` is used only for Authentication, not Authorization like `access_token`. -- Reply to this email directly or view it on GitHub: ht

Re: [openstreetmap/openstreetmap-website] Add OAuth Refresh token when `openid` scope is used (PR #5497)

Closed #5497. -- Reply to this email directly or view it on GitHub: https://github.com/openstreetmap/openstreetmap-website/pull/5497#event-15996923025 You are receiving this because you are subscribed to this thread. Message ID: ___ rails-dev mailing

Re: [openstreetmap/openstreetmap-website] Add OAuth Refresh token when `openid` scope is used (PR #5497)

I did some more investigation into this, and I agree using `id_token` as way to login into 3rd party service is not very standardized way of doing things, here is rare example of that being done: https://kubernetes.io/docs/reference/access-authn-authz/authentication/#openid-connect-tokens While

[openstreetmap/openstreetmap-website] Add OAuth Refresh token when `openid` scope is used (PR #5497)

### Description OSM `access_token` don't have expiry but `id_token` which is generated when `openid` scope is enabled has expiry of 2 minutes. Making `id_token` to also never expiry seems to me more problematic than no expiry for `access_token` because `id_token` can not be revoked, hence it is

Re: [openstreetmap/openstreetmap-website] Add 'Load more' button that loads newer changesets to history pages (PR #5812)

DavidKarlas left a comment (openstreetmap/openstreetmap-website#5812) Should existing button be renamed to "Load older" and new button to "Load newer"? Just idea... -- Reply to this email directly or view it on GitHub: https://github.com/openstreetmap/openstreetmap-website/pull/5812#issuecommen