It is frustrating to define API-first routes if you do not care which authentication method is used since it can only be done programmatically. This is because the route developer can't know which methods the site builder has enabled (e.g. basic_auth) in advance, but every authentication method must be explicitly specified.
See an example in core.
See an example in contrib.
Allow routes to be defined with _auth: 'TRUE' to permit any available authentication method.
Alternative
If _auth is not defined, allow all methods instead of the default method. This would make it easier to define routes, but may break existing expectations.
Additional allowed value in a route definitions.
None.
Routes can now be defined to permit all enabled authentication methods without writing custom code by specifying
_auth: 'TRUE'in their route definitions.
Active
11.0 π₯
Not all content is available!
It's likely this issue predates Contrib.social: some issue and comment data are missing.
Thanks, @gabesullice for https://www.drupal.org/project/drupal/issues/3200620#comment-14040318 β¨ Allow defining a route with _auth: 'TRUE' to enable all available authentication providers. Active . I was a little stuck until I read this. :)