Add an option in the settings to enable a read-only URL. This URL must contain the retro ID (not slug) and a randomised password. When provided, the password should give a short-lived (a few hours?) read-only token. This will require a second password field in the retro auth data.
After enabling, it should be possible to regenerate this URL and disable it.
Depends on #3 to keep sessions open over long periods and #4 to keep refreshing the short-lived token. The refresh mechanism will be different ("password" comes from URL and a different endpoint will be needed), but should be compatible.
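The flow described in this issue, sketched as an added example (not code from the project or the issue author): enabling or regenerating the URL, disabling it, and exchanging the URL password for a short-lived read-only token. The field name `readOnlyHash`, the `/retros/<id>/view#<password>` URL shape, the 3-hour lifetime and the HMAC token format are assumptions; binding each token to the current password (so that regenerating or disabling also revokes outstanding tokens) goes beyond what the issue specifies.

```javascript
// Added example; names, URL shape and token format are assumptions.
const { createHash, createHmac, randomBytes, timingSafeEqual } = require("node:crypto");

const TOKEN_TTL_MS = 3 * 60 * 60 * 1000; // "a few hours"
const SERVER_KEY = randomBytes(32); // token-signing key, held only by the server

// A fast hash is acceptable here only because the password is 256 random bits.
const sha256 = (s) => createHash("sha256").update(s).digest();
const sign = (body) => createHmac("sha256", SERVER_KEY).update(body).digest("base64url");
const safeEqual = (a, b) => a.length === b.length && timingSafeEqual(a, b);

// Enabling and regenerating are the same operation: a fresh random password
// replaces the stored hash, so any previously shared URL stops working.
function enableReadOnlyUrl(retro) {
  const password = randomBytes(32).toString("base64url");
  retro.auth.readOnlyHash = sha256(password); // the "second password field"
  // Fragment keeps the password out of server access logs (example's choice).
  return `/retros/${retro.id}/view#${password}`;
}

function disableReadOnlyUrl(retro) {
  retro.auth.readOnlyHash = null;
}

// Exchange endpoint logic: URL password in, short-lived read-only token out.
function exchangeReadOnlyPassword(retro, password, now = Date.now()) {
  const stored = retro.auth.readOnlyHash;
  if (!stored || !safeEqual(sha256(String(password)), stored)) return null;
  const body = Buffer.from(JSON.stringify({
    retro: retro.id,
    scope: "read",
    exp: now + TOKEN_TTL_MS,
    gen: stored.toString("hex").slice(0, 16), // ties token to this password
  })).toString("base64url");
  return `${body}.${sign(body)}`;
}

// Returns the claims if the token is valid for this retro, else null.
function verifyReadOnlyToken(retro, token, now = Date.now()) {
  const [body, mac] = String(token).split(".");
  if (!body || !mac || !safeEqual(Buffer.from(mac), Buffer.from(sign(body)))) return null;
  const claims = JSON.parse(Buffer.from(body, "base64url").toString());
  const stored = retro.auth.readOnlyHash;
  const live = stored && claims.gen === stored.toString("hex").slice(0, 16);
  if (!live || claims.retro !== retro.id || claims.scope !== "read" || claims.exp <= now) return null;
  return claims;
}
```

Write endpoints would additionally have to reject any token whose `scope` is `"read"`; that check lives in the existing authorisation layer and is not shown here.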