.env oauth2 config: drop client secret; use URL if API_URL is empty

API.md

@@ -106,7 +106,7 @@ In addition, the following parameters are available as **URL query parameters**:
 
 Environment variables or a dotenv file can be used to configure certain aspects of iD at build time.
 
-* __`ID_API_CONNECTION_URL`__, __`ID_API_CONNECTION_CLIENT_ID`__, __`ID_API_CONNECTION_CLIENT_SECRET`__ - Custom [OAuth2](https://wiki.openstreetmap.org/wiki/OAuth#OAuth_2.0_2) connection details to an OSM API server.
+* __`ID_API_CONNECTION_URL`__, [__`ID_API_CONNECTION_API_URL`__,] __`ID_API_CONNECTION_CLIENT_ID`__  - Custom [OAuth2](https://wiki.openstreetmap.org/wiki/OAuth#OAuth_2.0_2) connection details to an OSM API server.
 * __`ID_API_CONNECTION_API_URL`__ Optional url to use for OSM API calls aftern the initial authentication is complete when using a custom OAuth2 connection (see above). If unspecified, `ID_API_CONNECTION_URL` will be used for both the authentication and subsequent API calls.
 * __`ID_API_CONNECTION`__ - Either `live` or `dev`, if only either one should be made offered for editing.
 * __`ID_PRESETS_CDN_URL`__ - The URL where iD should fetch it's tagging presets from. Needs to point to a CORS enabled web server which is serving the `package.json` and `dist` folder of a repository built on [`@ideditor/schema-builder`](https://github.com/ideditor/schema-builder).

config/envs.mjs

@@ -10,8 +10,8 @@ const envs = {
   ENV__ID_WMF_SITEMATRIX_CDN_URL: JSON.stringify(process.env.ID_WMF_SITEMATRIX_CDN_URL || null),
 
   ENV__ID_API_CONNECTION_URL: JSON.stringify(process.env.ID_API_CONNECTION_URL || null),
+  ENV__ID_API_CONNECTION_API_URL: JSON.stringify(process.env.ID_API_CONNECTION_API_URL || null),
   ENV__ID_API_CONNECTION_CLIENT_ID: JSON.stringify(process.env.ID_API_CONNECTION_CLIENT_ID || null),
-  ENV__ID_API_CONNECTION_CLIENT_SECRET: JSON.stringify(process.env.ID_API_CONNECTION_CLIENT_SECRET || null),
   ENV__ID_API_CONNECTION: JSON.stringify(process.env.ID_API_CONNECTION || null),
 
   ENV__ID_TAGINFO_API_URL: JSON.stringify(process.env.ID_TAGINFO_API_URL || null),

config/id.js

@@ -15,26 +15,22 @@ const defaultOsmApiConnections = {
   live: {
     url: 'https://www.openstreetmap.org',
     apiUrl: 'https://api.openstreetmap.org',
-    client_id: '0tmNTmd0Jo1dQp4AUmMBLtGiD9YpMuXzHefitcuVStc',
-    client_secret: 'BTlNrNxIPitHdL4sP2clHw5KLoee9aKkA7dQbc0Bj7Q'
+    client_id: '0tmNTmd0Jo1dQp4AUmMBLtGiD9YpMuXzHefitcuVStc'
   },
   dev: {
     url: 'https://api06.dev.openstreetmap.org',
-    client_id: 'Ee1wWJ6UlpERbF6BfTNOpwn0R8k_06mvMXdDUkeHMgw',
-    client_secret: 'OnfWFC-JkZNHyYdr_viNn_h_RTZXRslKcUxllOXqf5g'
+    client_id: 'Ee1wWJ6UlpERbF6BfTNOpwn0R8k_06mvMXdDUkeHMgw'
   }
 };
 const osmApiConnections = [];
 if (ENV__ID_API_CONNECTION_URL !== null &&
-    ENV__ID_API_CONNECTION_CLIENT_ID !== null &&
-    ENV__ID_API_CONNECTION_CLIENT_SECRET !== null) {
+    ENV__ID_API_CONNECTION_CLIENT_ID !== null) {
   // user specified API Oauth2 connection details
   // see https://wiki.openstreetmap.org/wiki/OAuth#OAuth_2.0_2
   osmApiConnections.push({
     url: ENV__ID_API_CONNECTION_URL,
-    apiUrl: ENV__ID_API_CONNECTION_API_URL,
-    client_id: ENV__ID_API_CONNECTION_CLIENT_ID,
-    client_secret: ENV__ID_API_CONNECTION_CLIENT_SECRET
+    apiUrl: ENV__ID_API_CONNECTION_API_URL || ENV__ID_API_CONNECTION_URL,
+    client_id: ENV__ID_API_CONNECTION_CLIENT_ID
   });
 } else if (ENV__ID_API_CONNECTION !== null &&
   defaultOsmApiConnections[ENV__ID_API_CONNECTION] !== undefined) {

modules/services/osm.js

@@ -24,7 +24,6 @@ var oauth = osmAuth({
     url: urlroot,
     apiUrl: apiUrlroot,
     client_id: osmApiConnections[0].client_id,
-    client_secret: osmApiConnections[0].client_secret,
     scope: 'read_prefs write_prefs write_api read_gpx write_notes',
     redirect_uri: redirectPath + 'land.html',
     loading: authLoading,

test/spec/services/osm.js

@@ -6,7 +6,6 @@ describe('iD.serviceOsm', function () {
         connection.switch({
             url: 'https://www.openstreetmap.org',
             client_id: '0tmNTmd0Jo1dQp4AUmMBLtGiD9YpMuXzHefitcuVStc',
-            client_secret: 'BTlNrNxIPitHdL4sP2clHw5KLoee9aKkA7dQbc0Bj7Q',
             access_token: 'foo'  // preauth
         });
     }