[RFC PATCH] REST: enable token authentication

Stephen Finucane stephen at that.guru
Tue May 30 18:08:40 AEST 2017

On Tue, 2017-05-30 at 16:35 +1000, Andrew Donnellan wrote:
> On 30/05/17 16:26, Russell Currey wrote:
> > What exactly does BA get used for at the moment?
> REST requests that update status, e.g. sending a PATCH request on a 
> patch to change status from "new" to "under-review", or something
> like that.

You also need it to access the '/users' resource, though this is a bit
useless now that we expose much of this information inline with certain
resources ('/patches', for example)

I'm contemplating either removing auth for '/users', or enforcing it
for _all_ endpoints. I'm still on the fence with this though.


More information about the Patchwork mailing list