AuthId endpoints with PUBLISHABLE_KEY

Open ogizanagi opened this issue 4 years ago • 1 comments

The wiki about PUBLISHABLE_KEY mentions it can be used in order to make auth requests. But it doesn't seem to actually work with the following endpoints:

  • /api/:integration/authentications/:authId - To request a specific authentication
  • /api/:integration/authentications/:authId/refresh - To refresh a specific authentication

It only works with the SECRET_KEY. Is it expected? Wouldn't it make sense to allow these two endpoints using the PUBLISHABLE_KEY to get the access and refresh tokens? (I don't want to use the proxy for my use-case)

Then, could PizzlyIntegration expose two getAuthentication(authId) and refresh(authId) methods?

ogizanagi, Dec 13 '20 11:12

Hey, you're correct. The language is somewhat unclear in the wiki.

Only the secret key is used for the endpoints, and the publishable key is intended only to be used in proxy scenarios where you wouldn't want to expose the secret (like in client-side apps). We're overhauling the docs/wiki at the start of the year to clear some of that up.

As far as the feature goes, it's certainly an option as long as there's a clear use-case and the access can be toggled by users. Happy to accept a PR or a defined issue that someone in the community can tackle.

markmichon, Dec 15 '20 17:12