index.html

<!DOCTYPE html>
<head>
    <title>OSM OAuth</title>
</head>
<body>
    <script type='text/javascript' src='ohauth.js'></script>
    <script>
        // in the popup response
        var search = document.location.search;
        if (search !== '') {
            var oauth_token = ohauth.stringQs(search.slice(1));
            var token_secret = document.cookie.match(/ohauth_token_secret=([^;]+)/);
            alert('got:\noauth_token = ' + oauth_token.oauth_token + '\noauth_token_secret = ' + token_secret[1]);
            window.close();
        }
    </script>

    <p>Click the button to authenticate against
        the <a href='http://api06.dev.openstreetmap.org'>development OSM server</a>:
    </p>

    <button id='authenticate'>Authenticate</button>

    <script>
        var host = 'http://api06.dev.openstreetmap.org',
            oauth_secret = 'aMnOOCwExO2XYtRVWJ1bI9QOdqh1cay2UgpbhA6p';
        var o = {
            oauth_consumer_key: 'zwQZFivccHkLs3a8Rq5CoS412fE5aPCXDw9DZj7R',
            oauth_signature_method: 'HMAC-SHA1'
        };

        document.getElementById('authenticate').onclick = function() {
            // Create a 600x550 popup window in the center of the screen
            var w = 600,
                h = 550,
                settings = [
                    ['width', w], ['height', h],
                    ['left', screen.width / 2 - w / 2],
                    ['top', screen.height / 2 - h / 2]].map(function(x) {
                        return x.join('=');
                    }).join(','),
                popup = window.open('about:blank', 'oauth_window', settings);

            o.oauth_timestamp = ohauth.timestamp();
            o.oauth_nonce = ohauth.nonce();
            var url = host + '/oauth/request_token';
            o.oauth_signature = ohauth.signature(oauth_secret, '', ohauth.baseString('POST', url, o));
            ohauth.xhr('POST', url, o, null, {}, function(err, xhr) {
                if (err) { alert(err); return; }
                var token = ohauth.stringQs(xhr.response);
                document.cookie = 'ohauth_token_secret=' + token.oauth_token_secret;
                var at = host + '/oauth/authorize?';

                alert('sending:\noauth_token_secret = ' + token.oauth_token_secret);
                popup.location = at + ohauth.qsString({
                    oauth_token: token.oauth_token,
                    oauth_callback: location.href
                });
            });
        };

    </script>
</body>
</HTML>