Once users can register accounts (cpan-testers/cpantesters-web#13), we need to allow them to authenticate to the API itself. Once they have authenticated to the API using the same OAuth2 account they authenticated to the CPAN Testers website, they get authorization to the PAUSE and tester accounts.
If OAuth2 is too difficult for API clients to implement, we could also provide token-based authentication (with a web UI for managing tokens).
The security mechanisms we implement must be added to the OAuth2 specification for documentation purposes.
Once users can register accounts (cpan-testers/cpantesters-web#13), we need to allow them to authenticate to the API itself. Once they have authenticated to the API using the same OAuth2 account they authenticated to the CPAN Testers website, they get authorization to the PAUSE and tester accounts.
If OAuth2 is too difficult for API clients to implement, we could also provide token-based authentication (with a web UI for managing tokens).
The security mechanisms we implement must be added to the OAuth2 specification for documentation purposes.