It should be possible to have both basic auth and session auth working at the same time on the REST API.
If a request contains basic auth, the user is authentified this way. If auth fails, the request fails.
If a request doesn't contain basic, we look for a session cookie. We check the session's validity if we find one, and the request fails if the session ain't valid.
If the requests has no basic auth header nor session cookie, we log in the anonymous user if allowed.
|Workflow||eZ Engineering Scrumban Workflow [ 61250 ]||EZ* Development Workflow [ 69325 ]|
|Affects Version/s||1.10.1 [ 14808 ]|
|Fix Version/s||Customer request [ 11018 ]|
|Link||This issue relates to CS-6309 [ CS-6309 ]|
|Workflow||EZ* Development Workflow [ 69325 ]||EZEE Development Workflow [ 107426 ]|
|Workflow||EZEE Development Workflow [ 107426 ]||EZEE and EZP Story Workflow [ 127061 ]|
|Status||Open [ 1 ]||Backlog [ 10000 ]|