#1650 Show examples of anon access for the REST API

unreleased
open
nobody
General
nobody
2014-12-01
2011-03-04
No

Discussed on Jabber whether we want to allow anonymous (key-less) access to REST API, or whether we should require a key for any request. Dave confirmed that anon access is ok.

Our backend actually supports it:
https://sourceforge.net/rest/p/allura/home/

But REST API client we provide (both in-tree rest_api and dependency-free class used in some scripts) insist to be fed with key and secret, so that should be made optional.

Related

Tickets: #1618
Tickets: #1767

Discussion

  • Mark Ramm

    Mark Ramm - 2011-03-07
    • milestone: mar-10 --> mar-17
     
  • Rick Copeland - 2011-03-07

    We already support it; editing the summary to reflect that.

    (All you need to do is leave off all the authentication fields)

     
  • Rick Copeland - 2011-03-07
    • summary: Support anon access for the REST API --> Show examples of anon access for the REST API
     
  • Anonymous - 2011-03-17

    Originally by: *anonymous

    We really need to settle this once and for all, and provide (and refactor existing scripts to use it) auth class which handles all 3 auth modes supported by us:

    • Null for anon access
    • OAuth for normal API
    • API tickets for restricted API

    So, I'm on that, and last hurdle on the way to perfect API auth is that OAuth as it is implemented has worse end-user usability comparing to otiginal API keys - while it doesn't have to be that way. Writing email on that rigth now.

     
  • Paul Sokolovsky

    Paul Sokolovsky - 2011-04-06

    Ok, with evolution of normal API (OAuth auth) vs import API (API tickets auth), I guess the original idea of making one module to support accesses to various APIs no longer makes sense. So, I unassign this ticket from myself, so whoever will work on elaborating OAuth clients may pick it up.

    • assigned_to: Paul Sokolovsky --> nobody
     
  • Dave Brondsema

    Dave Brondsema - 2012-09-04
    • labels: --> docs
     

Log in to post a comment.