Steve Cliff
32 lines
1.8 KiB
Markdown
32 lines
1.8 KiB
Markdown
## Why
|
|
|
|
Planka now supports user-level API key authentication. The current pcli authentication uses session-based JWT tokens (via `Authorization: Bearer <token>`) with an optional OIDC httpOnlyToken cookie path. API keys are simpler, long-lived, and eliminate the need for multiple auth modes. Replacing the current auth with API key auth simplifies both the codebase and the user experience.
|
|
|
|
## What Changes
|
|
|
|
- **BREAKING**: Replace `Authorization: Bearer <token>` header with `x-api-key: <key>` header on all API requests
|
|
- **BREAKING**: Rename environment variable `PLANKA_TOKEN` → `PLANKA_API_KEY`
|
|
- **BREAKING**: Rename CLI flag `--token` → `--api-key`
|
|
- Remove `PLANKA_HTTP_TOKEN` environment variable support
|
|
- Remove `--http-token` CLI flag
|
|
- Remove `HttpOnlyToken` field from the `Client` struct and all OIDC cookie logic
|
|
- Simplify `NewClient` constructor to accept only base URL, API key, and logger
|
|
|
|
## Capabilities
|
|
|
|
### New Capabilities
|
|
|
|
(none)
|
|
|
|
### Modified Capabilities
|
|
|
|
- `api-client`: Authentication header changes from `Authorization: Bearer` to `x-api-key`. Client struct drops `HttpOnlyToken` field. `NewClient` signature simplifies. OIDC cookie logic removed.
|
|
- `cli-commands`: Root command global flags change: `--token` → `--api-key`, `--http-token` removed. Environment variable changes: `PLANKA_TOKEN` → `PLANKA_API_KEY`, `PLANKA_HTTP_TOKEN` removed.
|
|
|
|
## Impact
|
|
|
|
- **Code**: `client/client.go` (struct, constructor, `Do()` method), `cmd/root.go` (flags, env vars, client init)
|
|
- **Users**: All existing users must update their environment variables and any scripts from `PLANKA_TOKEN` to `PLANKA_API_KEY` and generate an API key in Planka
|
|
- **Dependencies**: No dependency changes
|
|
- **API**: No Planka API endpoint changes — only the authentication mechanism used by pcli changes
|