Discrepancy in OpenAPI specification for /api/user/ endpoint #20

Open
sgennrw opened this issue Feb 5, 2025 · 1 comment

sgennrw commented Feb 5, 2025

Description

The OpenAPI specification for the /api/user/ endpoint incorrectly states that an API key is not required for authentication. However, an API key is necessary to access this endpoint, unless a valid JWT is provided.

Expected Behavior

The OpenAPI specification and API documentation should accurately reflect the following:

  1. JWT Authentication:
    • If a valid JWT is provided, the endpoint returns user information based on the JWT, ignoring any query parameters.
  2. API Key Authentication:
    • If no JWT is provided, an API key is required.
    • With a valid API key, the endpoint returns user information based on the provided query parameters (e.g., email, username).

mooreds (Contributor) commented Feb 5, 2025

Thanks for your feedback, @sgennrw!

As of 1.50.0, the use of the JWT for authentication against the User API is deprecated:

The use of JWT authentication for the /api/user API is being deprecated. This functionality will be removed in a future release.
If you are using this API with JWT authentication, you will need to modify your integration to use the /oauth2/userinfo endpoint if you have obtained your JWT using an OAuth2 grant, or authenticate the request to the User API using an API key.
Removal of this authentication type is targeted for the end of 2024.

So I'd suggest avoiding this method of authentication. I'll take a todo to update the openapi spec to reflect this.
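
Added example, not part of either comment above and not the project's own spec or code: a check for the kind of discrepancy this issue reports, which walks an OpenAPI 3 document and lists operations that the spec documents as needing no credentials. The sample document, the scheme names `apiKey` and `jwt`, the header name and the `/api/example*` paths are constructed for illustration.

```python
HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options", "trace"}

def effective_security(spec, operation):
    """Operation-level `security` overrides the top-level one, even when it is []."""
    if "security" in operation:
        return operation["security"]
    return spec.get("security", [])

def allows_anonymous(requirements):
    """True when a request with no credentials satisfies the declared requirements.

    An empty list means no requirement at all; an empty object ({}) inside the
    list is how OpenAPI marks authentication as optional.
    """
    return not requirements or any(req == {} for req in requirements)

def unauthenticated_operations(spec):
    """Return sorted (METHOD, path) pairs the spec documents as open."""
    findings = []
    for path, item in spec.get("paths", {}).items():
        for method, operation in item.items():
            if method not in HTTP_METHODS:  # skip path-level keys such as "parameters"
                continue
            if allows_anonymous(effective_security(spec, operation)):
                findings.append((method.upper(), path))
    return sorted(findings)

def undocumented_auth(spec, must_authenticate):
    """Operations known to be protected by the server but documented as open."""
    return [op for op in unauthenticated_operations(spec) if op in must_authenticate]

# Constructed sample document (assumption: not the project's real spec).
SAMPLE_SPEC = {
    "openapi": "3.0.3",
    "components": {"securitySchemes": {
        "apiKey": {"type": "apiKey", "in": "header", "name": "Authorization"},
        "jwt": {"type": "http", "scheme": "bearer", "bearerFormat": "JWT"},
    }},
    "security": [{"apiKey": []}],  # default for every operation
    "paths": {
        "/api/user": {"get": {"security": []}},  # documented as open: the reported mismatch
        "/api/example": {"get": {}},  # inherits the top-level API key requirement
        "/api/example-optional": {"get": {"security": [{}, {"jwt": []}]}},  # auth optional
    },
}

if __name__ == "__main__":
    for method, path in undocumented_auth(SAMPLE_SPEC, {("GET", "/api/user")}):
        print(f"{method} {path}: spec says no credentials are needed, server requires them")
```

Running a check like this in CI against the list of endpoints known to enforce authentication flags the mismatch before generated clients or reviewers rely on the spec.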
