Remove unneeded client secret, this becomes optional if you uncheck the Confidential Application box

CorruptComputer · CorruptComputer · commit eaea73eef0d6 · 2025-03-06T17:42:16.000-06:00
diff --git a/BlazorWasmOsmOauth.AppHost/BlazorWasmOsmOauth.AppHost.csproj b/BlazorWasmOsmOauth.AppHost/BlazorWasmOsmOauth.AppHost.csproj
@@ -4,15 +4,13 @@
 
   <PropertyGroup>
     <OutputType>Exe</OutputType>
-    <!--RuntimeIdentifier>linux-x64</RuntimeIdentifier-->
     <TargetFramework>net9.0</TargetFramework>
     <Nullable>enable</Nullable>
     <ImplicitUsings>enable</ImplicitUsings>
     <LangVersion>latest</LangVersion>
     <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
     <CheckForOverflowUnderflow>true</CheckForOverflowUnderflow>
     <IsAspireHost>true</IsAspireHost>
-    <UserSecretsId>921895ce-56b3-40c7-849d-73de8158112b</UserSecretsId>
   </PropertyGroup>
 
   <ItemGroup>
diff --git a/BlazorWasmOsmOauth/Models/AppConfig.cs b/BlazorWasmOsmOauth/Models/AppConfig.cs
@@ -17,11 +17,6 @@ public sealed class AppConfig
     /// </summary>
     public string ClientId { get; set; } = string.Empty;
 
-    /// <summary>
-    ///   Client Secret from OSM to use, get from: https://www.openstreetmap.org/oauth2/applications
-    /// </summary>
-    public string ClientSecret { get; set; } = string.Empty;
-
     /// <summary>
     ///   Base URL for the OSM OAuth API
     /// </summary>
diff --git a/BlazorWasmOsmOauth/Osm/OsmApiClient.cs b/BlazorWasmOsmOauth/Osm/OsmApiClient.cs
@@ -29,9 +29,13 @@ public class OsmApiClient(IHttpClientFactory httpClientFactory)
     ///   Get the user token from the OSM API, using the code from the OAuth2 flow. Or null if the request fails.
     /// </summary>
     /// <returns></returns>
-    public async Task<TokenResponse?> GetTokenAsync(string code, string redirectUri, string clientId, string clientSecret)
+    public async Task<TokenResponse?> GetTokenAsync(string code, string redirectUri, string clientId)
     {
-        string queryStr = $"grant_type=authorization_code&code={HttpUtility.UrlEncode(code)}&redirect_uri={HttpUtility.UrlEncode(redirectUri)}&client_id={HttpUtility.UrlEncode(clientId)}&client_secret={HttpUtility.UrlEncode(clientSecret)}";
+        string queryStr = "grant_type=authorization_code"
+                            + $"&code={HttpUtility.UrlEncode(code)}"
+                            + $"&redirect_uri={HttpUtility.UrlEncode(redirectUri)}"
+                            + $"&client_id={HttpUtility.UrlEncode(clientId)}";
+
         HttpResponseMessage response = await _authClient.PostAsync($"/oauth2/token?{queryStr}", new StringContent(string.Empty, Encoding.UTF8, "application/x-www-form-urlencoded"));
 
         if (!response.IsSuccessStatusCode)
diff --git a/BlazorWasmOsmOauth/Pages/AuthCompletePage.razor.cs b/BlazorWasmOsmOauth/Pages/AuthCompletePage.razor.cs
@@ -63,7 +63,7 @@ private async Task GetToken()
             return;
         }
 
-        TokenResponse? tokenResp = await osmClient.GetTokenAsync(Code, config.RedirectUri, config.ClientId, config.ClientSecret);
+        TokenResponse? tokenResp = await osmClient.GetTokenAsync(Code, config.RedirectUri, config.ClientId);
 
         if (tokenResp != null)
         {
diff --git a/BlazorWasmOsmOauth/wwwroot/appsettings.Development.json b/BlazorWasmOsmOauth/wwwroot/appsettings.Development.json
@@ -1,6 +1,5 @@
 {
-    "OsmApiBaseUrl": "https://api06.dev.openstreetmap.org",
-    "ClientId": "aXnhGfs4iwP_fCxbYGAc6kj6xcin6K7Iec1lriuAuqs",
-    "ClientSecret": "Zmv1ogqPFy9omXtMlWfTl4ROZ8pgq7BjRTUXoWguJio",
-    "OsmAuthBaseUrl": "https://master.apis.dev.openstreetmap.org"
-  }
+  "OsmApiBaseUrl": "https://api06.dev.openstreetmap.org",
+  "ClientId": "0iCXHcIUNMOWXoZ2W9TxkqVfy4JemAX5g7ExU0JBQGg",
+  "OsmAuthBaseUrl": "https://master.apis.dev.openstreetmap.org"
+}
diff --git a/BlazorWasmOsmOauth/wwwroot/appsettings.Production.json b/BlazorWasmOsmOauth/wwwroot/appsettings.Production.json
@@ -1,6 +1,5 @@
 {
-    "OsmApiBaseUrl": "https://api06.dev.openstreetmap.org",
-    "ClientId": "bioCyRFKB85wB70S0SPF09XIYXDxT_3mZ1RRrBWI-D4",
-    "ClientSecret": "afcGoB5frxi4_yMUUlGH_8jxeCLUHGqWkDJWLkxoTJM",
-    "OsmAuthBaseUrl": "https://master.apis.dev.openstreetmap.org"
-  }
+  "OsmApiBaseUrl": "https://api06.dev.openstreetmap.org",
+  "ClientId": "8LxQ2LsL2LrgOdEwULmU-toNH6jQg9Nb5C8rxfeM8Ik",
+  "OsmAuthBaseUrl": "https://master.apis.dev.openstreetmap.org"
+}
diff --git a/README.md b/README.md
@@ -2,10 +2,14 @@
 
 Example setup for Oauth with Blazor Webassembly.
 
-On the OSM side you'll want to configure the 'Redirect URI' to:
+When creating the Application in OSM make sure to uncheck the 'Confidential application?" box.
+
+Also configure the 'Redirect URI' to:
 - `http(s)://<domain or 127.0.0.1>/oauth2-redirect`
 
-The OSM Client ID and Client Secret are set via one of the following: 
+Since this is an entirely client-side app there can be no client secret, so when OSM tells it to you just ignore that and copy the client ID.
+
+The OSM Client ID is set via one of the following: 
 - `BlazorWasmOsmOauth/wwwroot/appsettings.Development.json`
 - `BlazorWasmOsmOauth/wwwroot/appsettings.Production.json`
 

Original file line number	Diff line number	Diff line change
`@@ -63,7 +63,7 @@ private async Task GetToken()`
`63`	`63`	`return;`
`64`	`64`	`}`
`65`	`65`
`66`		`- TokenResponse? tokenResp = await osmClient.GetTokenAsync(Code, config.RedirectUri, config.ClientId, config.ClientSecret);`
	`66`	`+ TokenResponse? tokenResp = await osmClient.GetTokenAsync(Code, config.RedirectUri, config.ClientId);`
`67`	`67`
`68`	`68`	`if (tokenResp != null)`
`69`	`69`	`{`