anthonygego
commented
10 months ago I'll close this PR as it simply does not work :
- It does not ask for authorization (No
WWW-Authenticateheader with 401 response code is sent to the browser) - It relies on the main session mechanism : therefore it does not work if the user is not logged in using the usual login prompt. This is not the expected behaviour when using API
Besides, the API session is therefore cookieless (ideally a real token in the future) and should not be the same as for the main platform. We need either to use the same (similar) cookieless mechanism as for LTI session or to rewrite the API so that it does not rely on the Flask session object, or, maybe simpler, look how to export the API as a blueprint with separated sessions (I think Flask support that kind of thing).
Resolves #185