Simplify authentication over HTTPS

[wrygiel]

Since most Opencaching sites now use HTTPS, OAuth 1.0a authentication might be greatly simplified. When HTTPS is used, OKAPI doesn't have to require signatures, nonces nor timestamps to be included along the request. This makes Level 3 calls much simpler. You can read about this, for example, in this Dropbox developers post:

https://blogs.dropbox.com/developers/2012/07/using-oauth-1-0-with-the-plaintext-signature-method/

Currently, OKAPI still requires HMAC-SHA1 signature method. Over HTTPS, we should support PLAINTEXT method too (and ignore nonces and timestamps in this case).

[wrygiel]

Additionally, we MAY also skip nonce and timestamp verification for HMAC-SHA1 requests, as long as they are made over HTTPS.

[wrygiel]

Beta (undocumented) implementation introduced in 195bcb8.

[andrixnet]

Is this an additional feature, or does it mean compulsory https for all nodes?

[teiling88]

This is an additional feature. It can only be used with https :)