Access without clientID or clientSecret

[EdwinGuzman]

@nonword, @kfriedman and I were talking about how a non-nypl developer can contribute to our apps. They would need a clientId and clientSecret and we can manage the scopes to give them the right access. Unfortunately, right now adding scopes is not something we'll be working on soon.

So we were chatting about making a few API endpoints public, such as:
https://platform.nypl.org/api/v0.1/book-lists/staff-picks/2018-06

So now there's a developer who can update Staff Picks without needing a clientId or clientSecret`. The only problem is that this module requires an oauth key and secret. What do you suggest would be a good approach to updating this module so that it doesn't require it? Perhaps some flag that says it's okay to not authenticate because we know that the calls we're making are on public API endpoints?

Let me know what you think.

[nonword]

The options param to any call accepts an authenticate parameter that can be set to false to override the auth requirement. For apps that only need to fetch Avro schemas (i.e. endpoints that don't require a token) this has been useful. e.g.

client.get('current-schemas/Item', { authenticate: false }).then((resp) => { ... 

[EdwinGuzman]

I missed that. Thanks.