Use authenticate_with in the Debian repository
🔥 Problem
The Debian Repository is using mainly basic auth for its authentication.
We have been working (implemented in NuGet Repository and helm) in a authenticate_with
helper.
That helper is more accurate in its implementation:
- less "doors" open. Eg. if basic auth is used, http customer headers are not allowed.
- whenever possible (and that's the case with basic auth), the username is checked along with the password.
Note that at the time of this writing Debian Repository is behind a feature flag and not released. It's in alpha state. Thus, this change is not a breaking change per say.
🚒 Solution
- In the Debian Repository, replace
route_setting ....
with a generalauthenticate_with
that describes exactly basic_auth for pat, deploy tokens and ci job tokens. - This change should have
0
impact on the spec examples (unless the proper username was not used)