Github user rob05c commented on a diff in the pull request: https://github.com/apache/incubator-trafficcontrol/pull/551#discussion_r115150493 --- Diff: traffic_ops/experimental/auth/README.md --- @@ -1,6 +1,13 @@ A simple authentication server written in go that authenticates user agains the `tm_user` table and returns a jwt representing the user, incl. its API access capabilities, derived from the user's role. +#### Legacy TO support + +Legacy TO authorization code requires any API call to pass a mojolicios access token in its access control headers. +Untill this code is deprecated, the Auth server and the API GW handle legacy authorization in hte following way: +Upon every sucessful login the auth server performs additional login against legacy TO (mojolicious app) and recieves a lagacy TO authentication token. --- End diff -- Typo, "legacy"
--- If your project is set up for it, you can reply to this email and have your reply appear on GitHub as well. If your project does not have this feature enabled and wishes so, or if the feature is enabled but not working, please contact infrastructure at infrastruct...@apache.org or file a JIRA ticket with INFRA. ---