Closed giosakti closed 1 month ago
Actually NSS APIs now use host based token - those are issued when host gets registered.
Some are still not, for example this one on nss
...
def groups_list
token = AccessToken.valid_token params[:token]
if token
...
that API is used by 3rd party services, such as portal to fetch a user groups
Currently on some APIs that is oftenly accessed, such as
nss
we're authenticating with personal access token.Should we refactor it so that it also allows registered
api resources
with theiraccess key
to accessnss
API?Because personal token tied to user, while nss APIs are accessed by external services