Project

General

Profile

Actions

Bug #7141

open

[API] Advertise anonymous token in discovery document

Added by Tom Clegg over 8 years ago. Updated 28 days ago.

Status:
New
Priority:
Normal
Assigned To:
-
Category:
API
Target version:
Story points:
-
Release:
Release relationship:
Auto

Description

This will make it possible to access public data anonymously directly through the API, without going through Workbench.

Ideally Workbench (and the download service, when that happens) will also learn this from the discovery doc instead of its own config file.

Background

Even when reading publicly accessible objects, clients must provide a valid API token. We could accept "no token provided" as being equivalent to "anonymous token", but we have decided not to:
  • it's bad enough that 404 means "the object you are requesting does not exist or is not visible with these credentials", without adding another possibility "... or ((your credentials were not received at all for some reason) and (the object you are requesting is not public))".
  • it's good to have fewer special cases in the authentication path

Aside: it wouldn't be unreasonable to use something like "*" or "-" (instead of the usual long string of random characters) as the anonymous token -- assuming there aren't any assumptions in the code base about length or allowed characters.

Actions #1

Updated by Tom Clegg over 8 years ago

  • Description updated (diff)
Actions #2

Updated by Ward Vandewege over 2 years ago

  • Target version deleted (Arvados Future Sprints)
Actions #3

Updated by Peter Amstutz about 1 year ago

  • Release set to 60
Actions #4

Updated by Peter Amstutz 28 days ago

  • Target version set to Future
Actions

Also available in: Atom PDF