Remove authentication for accessing information already available through the web UI
Bug #2023278 reported by
Arturo Enrique Seijas Fernández
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Snap Store Server |
Invalid
|
Undecided
|
Unassigned | ||
Bug Description
Hi!,
We are running several checks in our CI that currently require a charmhub token to authenticate. This limits community contributions given that forks would require their own token.
The operations we are executing are currently list-lib and fetch-lib, which expose information that is already publicly available. Could authentication be removed from these? Also, it would probably make sense to do the same for querying revisions, resource-revisions and status.
This will probably require changes in charmcraft too.
Thank you!
Revision history for this message
| Daniel Manrique (roadmr) wrote | #1 |
| Changed in snapstore-server: | |
| status: | New → Invalid |
To post a comment you must log in.
As I recall, those APIs are already non-authenticated (otherwise how would the web UI fetch the information? it uses the same API as other clients). So it seems to me this is entirely on the charmcraft side of things.
Can you confirm which version of charmcraft you're using? because I remember we checked this on the Charmhub side, determined that our API does not require authentication for list and fetch, and mentioned to the Charmcraft team, so this might be fixed on newer Charmcraft versions. If not, it's worth bringing up with the Charmcraft folks.