Allow API tokens to be flagged as deprecated.
Review Request #12627 — Created Sept. 26, 2022 and submitted — Latest diff uploaded
This change introduces a concept of deprecated token generators and allows API
tokens to be considered as deprecated if they were generated by a deprecated
token generator. The deprecated token generators can be set via the
Now when a deprecated token is used for authentication, a deprecation notice
will be sent via a response header. Previously, the base
class would include headers set by authentication backends in the response
only when the authentication failed. For the purposes of including
deprecation notices in successful responses, we modified the
to always include any headers set by authentication backends.
- Ran all unit tests
- Made requests using deprecated and non deprecated tokens to some
Reviewboard API endpoints (specifically GET and POST requests to
- Ran all webapi tests in the Reviewboard test suite.