Switch to Bugzilla API Keys for auth #19
Description
We currently use Bugzilla tokens for authentication, but there are a couple problems with them:
- they expire after 24hrs
and we don't handle that well yet, but we could - they are deprecated and going away "in the version after Bugzilla 5.0."
The best alternative looks like Bugzilla API Keys.
An API Key can be created through the Bugzilla user prefs page (API Keys tab) and then pasted into our app (instead of providing a user and password) and never expire until revoked.
http://bugzilla.readthedocs.org/en/latest/api/core/v1/general.html#authentication
The even slicker way of using API Keys is something called "authentication deligation". The user would click the Login button in our app, it would redirect them to a sign-in page on the Bugzilla instance and then return them back to our app when successfully authenticated. However we're unsure how to enable that auth.cgi page in the example so for now this step seems a reach.
http://bugzilla.readthedocs.org/en/latest/integrating/auth-delegation.html#auth-delegation