Comment 4 for bug 385517

Here's an alternate scenario in which we allow unsigned requests. I think this would be much easier to implement.

Launchpadlib still requires a Credentials object, but the only required aspect of the Credentials object is the consumer name. Launchpadlib uses the consumer name as the User-Agent when making requests, possibly prefaced by 'launchpadlib:'.

When Launchpad gets an unsigned web service request, Launchpad pulls the consumer name out of User-Agent. If the consumer name is not registered with Launchpad as an OAuth consumer, Launchpad automatically registers it. (This maintains our ability to find out-of-control applications.) Launchpad then allows the request to go through as if it were signed with read-only public-only credentials.

Regardless of how we do this, a request not associated with any user will give different results than the same request with the same permissions but associated with a user. For instance, the "me_link" will either be None or the "me_link" key will not show up at all in the representation of the service root.