As discussed in Linköping:
"trusted auth" is enabled in configuration by configuring tokens (which are just strings), there are two classes of token, one that allows only normal users and one that allows also admin users.
It would probably be clearer to have two separate auth methods for trusted and normal auth, I propose midgard_user::auth_trusted(string $username, string $token).
When the method is called it checks the configuration whether the given token is defined, then checks whether the user exists and finally checks if the user is admin and whether the token has admin logins enabled.
Return values as with normal password based login.
I don't know how exactly the config files are parsed but in Linköping I suggested the following logical structure:
- trusted_auth
- tokens
- "rueytrie12314"
- "9898rgdjklgdjkl"
The components that need trusted auth will have to have configuration option for specifying the token to use, in general users should configure different tokens for different components to use but that's entirely optional (however it's exceedingly unwise to use admin enabled tokens with something like the facebook connector)
