clinch

dkam/clinch

Fork 0

Commit Graph

Author	SHA1	Message	Date
Dan Milne	fd8785a43d	Add API keys / bearer tokens for forward auth Some checks failed CI / scan_ruby (push) Has been cancelled Details CI / scan_js (push) Has been cancelled Details CI / scan_container (push) Has been cancelled Details CI / lint (push) Has been cancelled Details CI / test (push) Has been cancelled Details CI / system-test (push) Has been cancelled Details Enables server-to-server authentication for forward auth applications (e.g., video players accessing WebDAV) where browser cookies aren't available. API keys use clk_ prefixed tokens stored as HMAC hashes. Bearer token auth is checked before cookie auth in /api/verify. Invalid tokens return 401 JSON (no redirect). Requests without bearer tokens fall through to existing cookie flow unchanged. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-05 21:45:40 +11:00

Author

SHA1

Message

Date

Dan Milne

fd8785a43d

Add API keys / bearer tokens for forward auth

CI / scan_ruby (push) Has been cancelled

Details

CI / scan_js (push) Has been cancelled

Details

CI / scan_container (push) Has been cancelled

Details

CI / lint (push) Has been cancelled

Details

CI / test (push) Has been cancelled

Details

CI / system-test (push) Has been cancelled

Details

Enables server-to-server authentication for forward auth applications
(e.g., video players accessing WebDAV) where browser cookies aren't
available. API keys use clk_ prefixed tokens stored as HMAC hashes.

Bearer token auth is checked before cookie auth in /api/verify.
Invalid tokens return 401 JSON (no redirect). Requests without
bearer tokens fall through to existing cookie flow unchanged.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-05 21:45:40 +11:00

1 Commits