Is your feature request related to a problem? Please describe.
Everyone can now do a post against the API and thus register events.
Registering events should only be possible for a set of known applications.
Describe the solution you'd like
I imagine:
a table listing allowed applications
an id, description and auth token for each app
Also, in events I would add a column with a link to the app which added the event (it's kind of the author).
We could add a CLI to add applications and get a token (or regenerate it).
Describe alternatives you've considered
The limit of a fixed auth token is that it has to be embedded in the mobile / desktop app. It only really works for server-side applications.
As the mobile app will pass through the API, it's maybe OK to start with.
We could use JWT and such things but it seems overkill as a first approach and does not bring much.
Additional context
In the first round, only robotoff and openfoodfacts would need to have a token.
Also, we should consider the case of third-party apps using the API. Would we account for them? (But it can introduce a way of cheating.)
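A sketch of the application table, token issuance and per-event author link proposed in this issue, added here as an illustration; it is not part of the original issue or the project's code. The SQLite schema, the function names and the choice to store only a SHA-256 digest of each token (so a database leak does not expose usable tokens) are assumptions.

```python
import hashlib
import secrets
import sqlite3

SCHEMA = """
CREATE TABLE apps (
    id INTEGER PRIMARY KEY,
    description TEXT NOT NULL,
    token_sha256 TEXT NOT NULL UNIQUE
);
CREATE TABLE events (
    id INTEGER PRIMARY KEY,
    app_id INTEGER NOT NULL REFERENCES apps(id),  -- the app that added the event
    event_type TEXT NOT NULL
);
"""

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.executescript(SCHEMA)
    return db

def _digest(token):
    # Tokens are 256-bit random values, so an unsalted SHA-256 digest is sufficient.
    return hashlib.sha256(token.encode()).hexdigest()

def _store_new_token(db, sql, *params):
    token = secrets.token_urlsafe(32)
    cur = db.execute(sql, (*params, _digest(token)) if "INSERT" in sql else (_digest(token), *params))
    db.commit()
    return cur, token

def add_app(db, description):
    """Register an application; the clear token is returned once and never stored."""
    cur, token = _store_new_token(db, "INSERT INTO apps (description, token_sha256) VALUES (?, ?)", description)
    return cur.lastrowid, token

def regenerate_token(db, app_id):
    """Replace the app's token; the previous one stops working immediately."""
    cur, token = _store_new_token(db, "UPDATE apps SET token_sha256 = ? WHERE id = ?", app_id)
    if cur.rowcount != 1:
        raise KeyError(app_id)
    return token

def authenticate(db, token):
    """Return the app id for a presented token, or None if it is unknown."""
    row = db.execute("SELECT id FROM apps WHERE token_sha256 = ?", (_digest(token or ""),)).fetchone()
    return row[0] if row else None

def register_event(db, token, event_type):
    app_id = authenticate(db, token)
    if app_id is None:
        raise PermissionError("unknown application token")
    cur = db.execute("INSERT INTO events (app_id, event_type) VALUES (?, ?)", (app_id, event_type))
    db.commit()
    return cur.lastrowid
```

`add_app` and `regenerate_token` are the two operations the proposed CLI would expose.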
Hi Alex, I have a doubt here. What do you mean by applications in this context?
Correct me if I'm wrong: from what I have understood so far, a user registers an event using the API in Open-food-facts-events. This adds the event to the main app.
In your solution you mentioned displaying a table listing all the allowed applications.
What exactly are these applications you are talking about?