Allow basic authentication in the api
View options
- Truncate descriptions
For now, the only authentication mechanism allowed for the api is the use of a single shared token. This token is obviously not distributed to people and therefore, only us have the possibility to use the api. Now that the api is getting more functionalities and we are using it to get the students' files and grades, we should allow access to it by providing an alternative authentication solution. I believe we can do this in multiple steps:
- Connect to the EPFL LDAP (This was already done in !279 (merged))
- Shared secret authentication should now become a
Bearer
token, to align with the HTTP protocol (https://developer.mozilla.org/en-US/docs/Web/HTTP/Authentication) - Enable basic authentication for
/api/v1/*
endpoints. We should be very careful to not allow to create new assignments, new submissions, delete them and to not allow to upload the grades. This is part of the authorization scheme, not authentication, but I'm mentioning it here anyways. - Take care of the authorization scheme.
- Show labels
- Show closed items