pycroft icon indicating copy to clipboard operation
pycroft copied to clipboard
verified publisher icon agdsn

RFC compliant auth header

Open agmes4 opened this issue 3 months ago • 0 comments

Issue

we currently implement our own way to integrate the auth part into the authentication header by just putting authentication: apikey KEY. This is not compliant to any auth methods.

Solution

we should implement RFC 7617 in order to keep the key value pair but introduce also an identification for the API. Something like Flask HTTP Auth can be used. https://github.com/agdsn/pycroft/blob/ac4c4635d0e8e51702644060c253ef172e59668e/web/api/v0/init.py#L67-L75

agmes4 avatar Oct 12 '25 18:10 agmes4