Files
@ 9cf90371d0f1
Branch filter:
Location: kallithea/docs/readme.rst
9cf90371d0f1
42 B
text/prs.fallenstein.rst
auth: add support for "Bearer" auth scheme (API key variant)
This allows the API key to be passed in a header instead of the query
string, reducing the risk of accidental API key leaks:
Authorization: Bearer <api key>
The Bearer authorization scheme is standardized in RFC 6750, though
used here outside the full OAuth 2.0 authorization framework. (Full
OAuth can still be added later without breaking existing users.)
This allows the API key to be passed in a header instead of the query
string, reducing the risk of accidental API key leaks:
Authorization: Bearer <api key>
The Bearer authorization scheme is standardized in RFC 6750, though
used here outside the full OAuth 2.0 authorization framework. (Full
OAuth can still be added later without breaking existing users.)