Improve Crowd 7.0+ Official documentation wording on Basic Authentication on OAuth

XMLWordPrintable

    • 2

      Problem

      Allow basic authentication on API calls

       

      Basic authentication and OAuth are crucial technologies for authenticating users.

       

      Suggested Solution

      We'd like to raise a concern as isage of Basic authentication is not limited to the API and will cause issues when upgrading to Crowd 7.0+ where it is disabled by default.

      We suggest adding that as a critical migration point to the documentation? Specifically to the 7.0 and 7.1 release notes near "OAuth 2.0 security improvements"? There's absolutely no mentioning of the new default behaviour in the Release and Upgrade notes and likely nothing that would indicate that legacy OAuth 1.0 applications would stop working after the upgrade. We believe that deserves a big RED panel in the docs stating that customers restore Oauth 1.0 support by enabling "Allow basic authentication" in case they would like to keep their integrations working.

      Why This Is Important

      when upgrading to Crowd 7.0+ where it can be disabled by default.

            Assignee:
            Unassigned
            Reporter:
            Pascal Oberle
            Votes:
            1 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated: