@mattab opened this issue on May 29th 2008

Currently authenticating with token_auth works in all modules. We would want to restrict to API module, because there is no need for users to use this mechanism to login.

@mattab commented on July 27th 2008

in [576]

@mattab commented on March 11th 2009

chuckdeal97 please see your feature request in #283 ; feel free to submit any ideas or patches

@mattab commented on March 4th 2010

reopening as I am now convinced that Widgetize is another special case where token_auth should work, at least until #283 is implemented.

@mattab commented on March 18th 2010

I am a bit confused; I generated the widget and manually added the token_auth in the widget URL, eg.``` module=Widgetize&action=iframe&.......&token_auth=$TOKEN_AUTH

And the widgets loaded fine. I thought this wasn't working. This means this bug is invalid; the downside is that you have to manually add the token_auth in the widget URLs but this is expected, as we do not want users to expose by mistake their token_auth, hence why we removed it from the URL.
@mattab commented on March 18th 2010

(In [1935]) Fixes #5655 clarifying documentation regarding widget authentication

This issue was closed on March 18th 2010
Powered by GitHub Issue Mirror