Vend is deprecating HTTP Basic Auth

[pzurek]

The initial plan was to do it at the end of January but it has slipped a couple of times. Now it looks like it may actually happen at the end of June: http://bit.ly/BasicAuthByeBye.

[brucealdridge]

unfortunately i'm putting this in the too hard basket. To do oauth, you either need to have a http endpoint (which is a bit of a pain to setup with a standalone lib) or you need to be able to copy & paste the key into the library somehow. On top of this, vend are issuing new keys every few days (i think it might be 5 or 7 from memory) which introduces a new problem of how to store the keys.

TLDR;

• Too hard to get the initial key
• Too hard to update the key every few days

I've hacked up the lib for my own purposes and hacked in support for both, but there doesn't seem to be an easy way to fix that can just be dropped into any project

[pzurek]

Actually, I don't think that implementing OAuth should be the concern of this library. The consumer of this library should provide a token just like they provide the username and password. How they obtain the token is their problem (not really that hard to solve). Without any change this code will simply stop working which is probably worse outcome than making it work with a user supplied token. This is as simple as putting the token in a header like:

Authorization: Bearer *token*