Uploaded image for project: 'Crowd Data Center'
  1. Crowd Data Center
  2. CWD-6427

Improve Crowd 7.0+ Official documentation wording on Basic Authentication on OAuth

XMLWordPrintable

    • Our product teams collect and evaluate feedback from a number of different sources. To learn more about how we use customer feedback in the planning process, check out our new feature policy.

      Problem

      Allow basic authentication on API calls

       

      Basic authentication and OAuth are crucial technologies for authenticating users.

       

      Suggested Solution

      We'd like to raise a concern as isage of Basic authentication is not limited to the API and will cause issues when upgrading to Crowd 7.0+ where it is disabled by default.

      We suggest adding that as a critical migration point to the documentation? Specifically to the 7.0 and 7.1 release notes near "OAuth 2.0 security improvements"? There's absolutely no mentioning of the new default behaviour in the Release and Upgrade notes and likely nothing that would indicate that legacy OAuth 1.0 applications would stop working after the upgrade. We believe that deserves a big RED panel in the docs stating that customers restore Oauth 1.0 support by enabling "Allow basic authentication" in case they would like to keep their integrations working.

      Why This Is Important

      when upgrading to Crowd 7.0+ where it can be disabled by default.

              Unassigned Unassigned
              2e857505f334 Pascal Oberle
              Votes:
              1 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: