Best way to get API key into AspireUpdate for AspireCloud

[namithj]

We need a user friendly way to get the API key from AC into AU (This would need to be extensible to other repos we decided to carry).

As per the original plan AU was supposed to transparently send the domain name to AC na get an API key and automatically fill in the API Key field. Right now it's not possible as AC requires registration.

Is there something better we can do other than just adding a link to the registration page on AC?

[chuckadams]

I've opened an issue on the AC side for this: aspirepress/AspireCloud#156

The real plan, Mr. Bond, is that API keys are a temporary measure to prevent potential abuse while we're still getting everything "burned in". They'll only be required in the future when an operation needs to be tied to an identity, e.g. if we create an API for leaving reviews. None of the legacy wp.org apis should require a key however.

Still, we could initiate login or registration from the client, and basically do it OAuth style:

• User clicks "Get a Key"
• Browser tab is opened to log in or register on AC, passing a site callback url
• Finalizing login/registration results in a redirect back to that callback, with the url including a nonce
• Site exchanges the nonce for a permanent key.