[Bps-public-commit] rt-extension-rest2 branch, master, updated. d5e268ff64eb3a71a2c61453c23111874e8fd262

Shawn Moore shawn at bestpractical.com
Tue Jul 11 15:27:50 EDT 2017


The branch, master has been updated
       via  d5e268ff64eb3a71a2c61453c23111874e8fd262 (commit)
      from  65c2ab1747091f11426ad24b49f64022b0a7ed77 (commit)

Summary of changes:
 lib/RT/Extension/REST2.pm | 32 ++++++++++++++++++++++++++++----
 1 file changed, 28 insertions(+), 4 deletions(-)

- Log -----------------------------------------------------------------
commit d5e268ff64eb3a71a2c61453c23111874e8fd262
Author: Shawn M Moore <shawn at bestpractical.com>
Date:   Tue Jul 11 19:27:44 2017 +0000

    Expand auth docs

diff --git a/lib/RT/Extension/REST2.pm b/lib/RT/Extension/REST2.pm
index c13f5f2..c923e26 100644
--- a/lib/RT/Extension/REST2.pm
+++ b/lib/RT/Extension/REST2.pm
@@ -158,14 +158,38 @@ numbers start at 1.
 
 =head2 Authentication
 
-Authentication is limited to internal RT usernames and passwords, provided via
+Authentication should B<always> be done over HTTPS/SSL for
+security. You should only serve up the C</REST/2.0/> endpoint over SSL.
+
+=head3 Basic Auth
+
+Authentication may use internal RT usernames and passwords, provided via
 HTTP Basic auth. Most HTTP libraries already have a way of providing basic
 auth credentials when making requests.  Using curl, for example:
 
-    curl -u username:password …
+    curl -u 'username:password' /path/to/REST/2.0
+
+=head3 Token Auth
+
+You may use the L<RT::Authen::Token> extension to authenticate to the
+REST 2 API. Once you've acquired an authentication token in the web
+interface, specify the C<Authorization> header with a value of "token"
+like so:
+
+    curl -H 'Authorization: token …' /path/to/REST/2.0
+
+If the library or application you're using does not support specifying
+additional HTTP headers, you may also pass the authentication token as a
+query parameter like so:
+
+    curl /path/to/REST/2.0?token=…
+
+=head3 Cookie Auth
 
-This sort of authentication should B<always> be done over HTTPS/SSL for
-security.  You should only serve up the C</REST/2.0/> endpoint over SSL.
+Finally, you may reuse an existing cookie from an ordinary web session
+to authenticate against REST2. This is primarily intended for
+interacting with REST2 via JavaScript in the browser. Other REST
+consumers are advised to use the alternatives above.
 
 =head2 Conditional requests (If-Modified-Since)
 
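Review bot: The query-parameter fallback under "Token Auth" (`curl /path/to/REST/2.0?token=…`) is documented with no caveat, yet a token carried in the URL is routinely recorded in web server access logs, proxy logs and shell or browser history, which the `Authorization` header form avoids. Suggest adding a sentence saying the header form is preferred and the query form is only for clients that cannot set headers, noting that the token may then appear in logs. The same example also leaves the URL unquoted while the Basic Auth example quotes its argument; quoting it keeps the shell from treating `?` as a glob character. Separately, 'with a value of "token"' reads as if the header value were the literal word alone; wording such as 'a value of "token" followed by your token' would match the example line.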

-----------------------------------------------------------------------

