OAuth2.0 Implementation #93

Merged
merged 6 commits into from Apr 25, 2022

HelNershingThapa
Contributor

This PR implements the OAuth2.0 authorization framework.

Summary of changes:

  • Request Token URL (/oauth/request_token) is no longer required. We can directly start with the Authorize URL (/oauth2/authorize), where the user logs in on OpenStreetMap.org and the site asks them to grant permissions.
  • Remove functions that help to generate signatures. timenonce(), getAuth(), etc. that were used to generate signatures have been removed since they are no longer required.
  • oauth_request_token_secret is no longer required, so all of its references have been removed.

Some changes were also made on the ohauth dependency - so for the time being, this PR uses my own forked ohauth repo as a dependency. I've also submitted a PR to ohauth upstream. Once those changes get verified, we could use the npm package after it gets published.
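
An added example (not code from this PR, osm-auth or ohauth) of the flow the description above summarises: the client starts at `/oauth2/authorize` with no request token and no signature, then checks the `state` value on the callback. The parameter names are the standard RFC 6749 ones; the client id, redirect URI, scope and helper names are assumptions made for illustration.

```javascript
// Added example, not osm-auth code. The endpoint path is the one named in the PR;
// client_id, redirect_uri and scope values below are constructed placeholders.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

// Random, unguessable value that ties the callback to the request we started.
function newState() {
  const bytes = webcrypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Step 1: no request token and no signature, only a URL the user is sent to.
function buildAuthorizeUrl({ baseUrl, clientId, redirectUri, scope }, state) {
  const url = new URL('/oauth2/authorize', baseUrl);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: clientId,
    redirect_uri: redirectUri,
    scope,
    state,
  }).toString();
  return url.toString();
}

// Step 2: the site redirects back with ?code=...&state=... (or ?error=...).
// Reject anything whose state does not match the one we issued.
function parseCallback(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  if (params.has('error')) {
    return { ok: false, reason: `provider error: ${params.get('error')}` };
  }
  const state = params.get('state');
  if (!state || state !== expectedState) {
    return { ok: false, reason: 'state mismatch' };
  }
  const code = params.get('code');
  if (!code) return { ok: false, reason: 'missing code' };
  return { ok: true, code };
}

// Constructed sample values.
const config = {
  baseUrl: 'https://www.openstreetmap.org',
  clientId: 'EXAMPLE_CLIENT_ID',
  redirectUri: 'https://app.example/land.html',
  scope: 'read_prefs',
};
```

With OAuth1 signatures gone, the `state` check is what binds the callback to the session that started the request, so the value has to be stored per session and compared before the code is exchanged.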


petya-kangalova commented Mar 24, 2022

@bhousel thanks so much for the initial feedback via Slack! Much appreciated. I've let @HelNershingThapa know that an option is to make a new release of the libraries that is based on OAuth2 and anyone using them can choose which version to use. And that likely review will be post SOTM-US happening next week. Thank you in advance!

Member

bhousel commented Mar 25, 2022

Thanks @HelNershingThapa & @petya-kangalova !
It looks really well done, and I like that it's a drop in replacement for the current library.
I will have more time to try this after next week's SOTM-US 👍

@petya-kangalova

Hi @bhousel ! Hope SOTM-US went well - I checked with our colleague Rob but he said he missed you at SOTM-US. Let us know if you will be able to take a look at the issues this week or that might not be possible. Thank you again in advance!

@@ -16,8 +16,7 @@
"main": "index.js",
"types": "index.d.ts",
"dependencies": {
"ohauth": "~1.0.1",
"resolve-url": "~0.2.1",
"ohauth": "git+https://github.com/HelNershingThapa/ohauth.git",
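
Review bot: the `ohauth` entry on the last line of this hunk is a git URL with no `#<commit>` or tag suffix, so every install resolves to whatever the fork's default branch holds at that moment, and a later push to the fork reaches consumers without any version change in this file. If the fork has to be used temporarily, append a full commit SHA to the URL (`git+https://github.com/HelNershingThapa/ohauth.git#<commit-sha>`) so the resolved code is fixed and reviewable; the longer-term fix is to depend on a published, versioned package as the previous `~1.0.1` range did.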
Member

I don't feel really comfortable pinning a dependency to your ohauth fork.

Can you instead build on a more widely used OAuth2 library like
https://www.npmjs.com/package/simple-oauth2
https://www.npmjs.com/package/client-oauth2

Contributor Author

This is only for the time being - until changes on this PR get published. After that, it could be replaced with the newly published version of ohauth.

Member

But that ohauth library is for OAuth1..

Sorry I didn't realize you submitted pull requests to both places.. but I think the correct way forward is:

  • osm-auth should use a supported OAuth2 client library to talk to the OSM API.
  • ohauth is a historical implementation of OAuth1 that we won't need anymore.

Member

bhousel commented Apr 25, 2022

Thanks, I was confused by the changes to ohauth, but the rest of the work in index.js looks ok, so I'm just going to accept as-is and look into replacing the upstream ohauth dependency separately.

There's a lot of other stuff in this project that is becoming difficult to work with, so I'll freshen things up and try to get a new v2 release out real soon.

bhousel merged commit de87163 into osmlab:main Apr 25, 2022
bhousel mentioned this pull request Apr 25, 2022
@petya-kangalova

Thank you so much for reviewing these PRs @bhousel !
