View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0009556 | Taler | specification | public | 2025-02-17 18:14 | 2025-02-17 20:13 |
| Reporter | Florian Dold | Assigned To | |||
| Priority | low | Severity | feature | Reproducibility | have not tried |
| Status | confirmed | Resolution | open | ||
| Target Version | 1.1 | ||||
| Summary | 0009556: address merchant auth token weirdness | ||||
| Description | * The /token endpoint currently takes only a **Bearer** token as auth and returns another Bearer token. Instead, the /token endpoint should accept credentials via basic auth (and a Bearer token only when refreshing a token). * For human-picked passwords (that are not auth tokens!), we should not require the secret-token: prefix. That prefix should only be necessary for *actual* tokens, not for login credentials. * The response body isn't consistent with the bank (auth_token vs token). | ||||
| Tags | No tags attached. | ||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2025-02-17 18:14 | Florian Dold | New Issue | |
| 2025-02-17 18:14 | Florian Dold | Status | new => assigned |
| 2025-02-17 18:14 | Florian Dold | Assigned To | => Christian Grothoff |
| 2025-02-17 20:13 | Christian Grothoff | Assigned To | Christian Grothoff => |
| 2025-02-17 20:13 | Christian Grothoff | Status | assigned => confirmed |
| 2025-02-17 20:13 | Christian Grothoff | Category | mechant backend => specification |
