Comment 1 for bug 385517

Francis asked me to investigate the anonymous creation of OAuth credentials. Here's how the workflow could go:

Right now when you start launchpadlib without giving it a set of credentials, you get sent to the credential creation page. You must be logged in to access this page.

Under the new system, you'd be able to see the credential creation page without logging in. In addition to the different types of credentials you can create now, you'd be able to create an anonymous credential. This would take effect as soon as you clicked the button for it.

The other kinds of credentials would only be created once you'd logged in. If you happened to already be logged in through your web browser when you started launchpadlib, you'd be able to create any kind of credential with one click, the way you can now.

Basically we move the point of login to just before the credential is created.

If we do this there will not be much difference between an anonymous credential and a public-read credential associated with a user. The only difference is that there's no way to revoke an anonymous credential. This is a serious problem and I don't have a good answer for it. We'd either need a way of claiming a credential after the fact, or a one-off revocation protocol.