Is your feature request related to a problem? Please describe.
Currently, the recommended approach to authentication is an API key. However, this only enables you to set one API key for your entire staff. This requires key rotation as soon as one staffer leaks the key and/or leaves the team.
Describe the solution you'd like
Therefore, what I would like is simply the — optional — ability to define multiple API keys, e.g.:
"ApiKeys": [
{
"User": "Frank",
"Key": "asd"
},
{
"User": "Sarah",
"Key": "qwe"
},
{
"User": "Kim",
"Key": "zxc"
},
]On a technical level,
ApiKeys has precedence over ApiKey, if present.- The code only really cares about the
Key property. The User property is human metadata.
Describe alternatives you've considered
What we do now instead is use IIS to setup HTTP basic auth, but unfortunately, NuGet (whether through dotnet, VS, or Rider) handles HTTP auth very poorly. The recommended path for them, too, appears to be API keys.
Is your feature request related to a problem? Please describe.
Currently, the recommended approach to authentication is an API key. However, this only enables you to set one API key for your entire staff. This requires key rotation as soon as one staffer leaks the key and/or leaves the team.
Describe the solution you'd like
Therefore, what I would like is simply the — optional — ability to define multiple API keys, e.g.:
On a technical level,
ApiKeyshas precedence overApiKey, if present.Keyproperty. TheUserproperty is human metadata.Describe alternatives you've considered
What we do now instead is use IIS to setup HTTP basic auth, but unfortunately, NuGet (whether through
dotnet, VS, or Rider) handles HTTP auth very poorly. The recommended path for them, too, appears to be API keys.