Allow Basic Authorization headers to skip bakery SSO

Created on 20 January 2016, over 9 years ago
Updated 15 May 2025, 2 days ago

Bakery currently conflicts with Basic Authorization methods of access with no recourse (currently). Because Bakery's cookie structure jumps in at hook_boot, this requires other projects to (theoretically) preempt it and do their user login processes in hook_boot and make them happen earlier. This is by design for security and simplicity; Bakery wants to be the authority as far as logging people in securely from 1 place (basically).

This is great, until you want users to utilize your network of applications / systems in a SSO manner but also want data passed around that requires web services to login and perform tasks. Bakery will see an anonymous user and kick over to the login form.

The patch here will provide support for basically applying the "bypass sso" permission for any account that can login via Basic Authorization headers. This means people can login (and by people I mean web systems) via passing credentials to a site. This would allow robots and humans to play nicely with this great cross-domain SSO project without constantly baking cookies and blocking connection :).

It's pretty simple, mostly comments as to why you'd want to do this. This is rolled against 2.x.
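The decision described above, sketched as an added example; this is not the patch attached to the issue and not Bakery's code. All function names, the account store and the credentials are hypothetical and constructed for illustration, and PHP 7.1+ is assumed. The point it shows: the SSO redirect is skipped only when the Basic credentials actually verify, never merely because an Authorization header is present.

```php
<?php
// Added example: hypothetical helper names, not Bakery's API.

/** Parse "Basic <base64(user:pass)>"; return [user, pass] or null. */
function example_parse_basic(string $header): ?array {
  if (!preg_match('/^Basic\s+([A-Za-z0-9+\/]+={0,2})$/i', trim($header), $m)) {
    return null; // Missing header, other scheme, or non-base64 payload.
  }
  $decoded = base64_decode($m[1], true);
  if ($decoded === false || strpos($decoded, ':') === false) {
    return null;
  }
  // Split on the first colon only: passwords may contain colons.
  [$user, $pass] = explode(':', $decoded, 2);
  return $user === '' ? null : [$user, $pass];
}

/** TRUE only when the request carries Basic credentials that verify. */
function example_skip_sso(array $server, callable $verify): bool {
  // Some server setups expose the header under the REDIRECT_ prefix.
  $header = $server['HTTP_AUTHORIZATION']
    ?? $server['REDIRECT_HTTP_AUTHORIZATION'] ?? '';
  $creds = example_parse_basic($header);
  if ($creds === null) {
    return false; // Fall through to the normal SSO cookie check.
  }
  return (bool) $verify($creds[0], $creds[1]);
}

// Constructed account store standing in for the site's user table.
$accounts = ['feedbot' => password_hash('constructed:secret', PASSWORD_DEFAULT)];
$verify = function (string $user, string $pass) use ($accounts): bool {
  return isset($accounts[$user]) && password_verify($pass, $accounts[$user]);
};

// Constructed requests: valid service account, wrong password,
// header present but malformed, and an ordinary browser request.
$requests = [
  'valid'     => ['HTTP_AUTHORIZATION' => 'Basic ' . base64_encode('feedbot:constructed:secret')],
  'bad pass'  => ['HTTP_AUTHORIZATION' => 'Basic ' . base64_encode('feedbot:guess')],
  'malformed' => ['HTTP_AUTHORIZATION' => 'Basic not*base64'],
  'no header' => [],
];
foreach ($requests as $label => $server) {
  printf("%-10s skip SSO: %s\n", $label,
    var_export(example_skip_sso($server, $verify), true));
}
```

Only the first constructed request skips the SSO redirect; the other three continue to the normal cookie check.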

Feature request

Status: Active

Version: 3.0

Component: Code
