The bearer authentication now accepts a {token}:{secret} syntax similar to basic authentication. The secret part is optional to be backward-compatible with existing access tokens.
[ ] adjust token-based authentication to accept an optional secret
[ ] add some tests for pre-1.6 tokens without secrets
[ ] add a warning that access token without secret should be revoked and regenerated
[ ] display the secret once when the access token is created
[ ] display the secret once when a service account is created (it get an initial access token)
The bearer authentication now accepts a
{token}:{secret}syntax similar to basic authentication. The secret part is optional to be backward-compatible with existing access tokens.