Bug: authentication tokens are only accepted via the Auth-Token header, not Authorization
Description
Unlike the documentation states, the core only accepts authentication tokens via the Auth-Token
header, and not the Authorization: AutaToken
method as described in the API documentation.
Priority
Medium - it is serious oversight and a violation of the HTTP spec (the AutaToken
kind is debatable, but at least better), but all API consumers currently use the Auth-Token
method.
Definition of done
When authentication tokens are accepted through the Authorization: AutaToken
method. For compatibility the Auth-Token
header should be kept, for now.