I'd like to use the iframe widget's in Drupal, but don't like to set up view access to anonymous users. I tried to append the token_auth parameter to the widget URL, but I'm still not able to see the widget and only get the login dialog.
matt: was this deprecated, hence #283?
I've commented on the other case, too. I do not need this big solution with per widget configuration for now. I need to be able to use the users token_auth to login to all widgets.
If I read the other case token_auth should already work with widgets.
Therefore this case seems to be a bug report.
Ok, this was disabled in #235 by  where token_auth access was too broad.
The current rationale is that we should not expose token_auth as that could allow a visitor to handcraft a URL to view any enabled plugin's widget(s).