Open ghost opened 4 years ago
the token fetched from the preferences URI must currently be handed in the Kibble-Token header of the request, such as in this python example:
issues = requests.post('https://demo.kibble.apache.org/api/issue/issues',
headers = {
'Content-Type': 'application/json',
'Kibble-Token': TOKEN,
},
json = {
"page":"issues",
"quick":True,
"interval": "week",
"subfilter":"/(?:incubator-)?" + project + ".*\\.git",
"distinguish":True
}
).json()
It would be nice if it accepted a token in the Authorization header as well, and when I'm back home, I'll work on making that happen.
I'll also add that the token should be easily visible to the user, which means working on the user interface some more..
Theory:
Apache Kibble only supports cookie authorization for its REST API.
Attempt(s) to falsify the above:
Great we have a "token". Let's see what that does:
Hmm, nothing. Let's attempt traditional authorization schemes. Note that my REST client automatically Base64 encodes 'user pass'.
and
both result in:
Hmm. Let's fiddle with kibble_uisession and see where that leads.
Oh, hello! Let's see what gives.
Conclusion: I have failed to refute the initial theory. Can anyone refute this and if not, comment on any plans available to provide proper authorization scheme for REST Clients?