[Tech Spec] Supporting Bearer Auth

[jgonz120]

Tech spec for #12877

[Copilot]

PR Overview

This PR introduces a tech specification for supporting bearer token authentication for NuGet credential providers. The document outlines the functional and technical changes needed to update the NuGet CLI to support bearer auth, discusses drawbacks, and presents alternative schemes.

Reviewed Changes

File	Description
accepted/2025/supporting-bearer-auth.md	New tech spec document detailing changes to enable bearer token auth

Copilot reviewed 1 out of 1 changed files in this pull request and generated no comments.

[joelverhagen]

Looks good. It is a relatively high level doc with some details left to the implementation. I am fine with this if your team is. Seems like some things are best figured out once you see how the code is factored.

[zivkan]

just nitpick comments, but hardly surprising since I talked to you about this before you wrote the spec 😁

[Copilot]

Pull Request Overview

This PR adds a technical specification detailing support for bearer token authentication in NuGet’s credential providers.

• Introduces a new spec document outlining the requirements and technical rationale.
• Describes the updated authentication behaviors and the limitations of the current .NET HttpClientHandler.
• Lists alternatives and future possibilities regarding credential handling.

Comments suppressed due to low confidence (1)

accepted/2025/supporting-bearer-auth.md:50

• The interface is referenced as 'ICredential', but the linked documentation refers to 'ICredentials'; please update for consistency.

Even though we are adding support for bearer tokens, the ICredential.GetCredential explicitly returns a NetworkCredential, which requires a username and password.