Better authentication for service API
The service API (the api blueprint) introduced pre v1 uses plain config-stored bearer tokens for authentication. This makes the config more difficult to maintain and constant-time credential verification difficult.
Before we use the API for anything, we should replace the existing authentication with one based on HTTP basic auth.
- Add API_CLIENTS_2 config key with client_id/client_secret-like credentials master (!101 (merged))
- Drop API_CLIENTS in master (!106 (merged))
- Backport API_CLIENTS_2 to v1.x.x
- Mark API_CLIENTS as deprecated in v1.x.x
- Publish new v1.x.x feature release
- Move API_CLIENTS_2 config key to database (see #107 (closed))
Edited by Julian
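An added example, not the project's code, of why client_id/client_secret credentials sent via HTTP basic auth make constant-time verification straightforward: the non-secret client_id selects the config entry, and only the secret is compared, using `hmac.compare_digest`. The layout of API_CLIENTS_2 as a client_id-to-secret mapping, the sample secrets and the function names are assumptions.

```python
import base64
import binascii
import hmac

# Constructed sample; the real API_CLIENTS_2 layout is not shown in the issue.
API_CLIENTS_2 = {
    "monitoring": "s3cr3t-constructed-example",
    "billing": "another-constructed-secret",
}
# Compared against for unknown client_ids so both paths run one comparison.
_DUMMY_SECRET = "x" * 32


def basic_header(client_id, client_secret):
    """Build the Authorization header a client would send (helper for demos)."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_basic_auth(header):
    """Return (client_id, client_secret) from an Authorization header, or None."""
    scheme, _, encoded = (header or "").partition(" ")
    if scheme.lower() != "basic" or not encoded:
        return None
    try:
        decoded = base64.b64decode(encoded.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    client_id, sep, client_secret = decoded.partition(":")
    if not sep or not client_id:
        return None
    return client_id, client_secret


def authenticate(header, clients=API_CLIENTS_2):
    """Return the authenticated client_id, or None if the request is rejected."""
    creds = parse_basic_auth(header)
    if creds is None:
        return None
    client_id, presented = creds
    # The lookup key is the non-secret client_id; the secret itself is never
    # used as a dict key or compared with ==, only with compare_digest.
    expected = clients.get(client_id)
    known = expected is not None
    candidate = (expected if known else _DUMMY_SECRET).encode("utf-8")
    ok = hmac.compare_digest(presented.encode("utf-8"), candidate)
    return client_id if (known and ok) else None
```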