Bug: authentication tokens are only accepted via the Auth-Token header, not Authorization
Unlike the documentation states, the core only accepts authentication tokens via the
Auth-Token header, and not the
Authorization: AutaToken method as described in the API documentation.
Medium - it is serious oversight and a violation of the HTTP spec (the
AutaToken kind is debatable, but at least better), but all API consumers currently use the
Definition of done
When authentication tokens are accepted through the
Authorization: AutaToken method. For compatibility the
Auth-Token header should be kept, for now.