Discussed on Jabber whether we want to allow anonymous (key-less) access to REST API, or whether we should require a key for any request. Dave confirmed that anon access is ok.
Our backend actually supports it:
https://sourceforge.net/rest/p/allura/home/
But REST API client we provide (both in-tree rest_api and dependency-free class used in some scripts) insist to be fed with key and secret, so that should be made optional.
We already support it; editing the summary to reflect that.
(All you need to do is leave off all the authentication fields)
RestClient class is for old-style access. Maybe all we need to do for this ticket is add info and an example at https://sourceforge.net/p/forge/documentation/API%20-%20Beta/
Originally by: *anonymous
We really need to settle this once and for all, and provide (and refactor existing scripts to use it) auth class which handles all 3 auth modes supported by us:
So, I'm on that, and last hurdle on the way to perfect API auth is that OAuth as it is implemented has worse end-user usability comparing to otiginal API keys - while it doesn't have to be that way. Writing email on that rigth now.
Ok, with evolution of normal API (OAuth auth) vs import API (API tickets auth), I guess the original idea of making one module to support accesses to various APIs no longer makes sense. So, I unassign this ticket from myself, so whoever will work on elaborating OAuth clients may pick it up.