Client Keys aren't enforced even when defined #1733

Closed
@natanrolnik

Environment Setup

  • Server: 2.2.7 on Heroku

Steps to reproduce

  • Set up a Parse Server with applicationId, masterKey, and at least one of the client keys (rest api, dot net, or client key). In this case, set the restAPIKey.
  • Issue a request with the headers X-Parse-Application-Id and X-Parse-Rest-API-Key.
  • See that the request succeeded.
  • Now, replace the original value used on X-Parse-Rest-API-Key with Bananas

The ReadMe states that:

Setting any of these keys will require all requests to provide one of the configured keys.

However, if you try to reproduce it with the steps above, you will see that the keys aren't really enforced, even when a few of them are being defined when Parse Server is initialized. When running the same request with the same headers, but pointing to api.parse.com/1, the result is {"error": "unauthorized"}.
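
The rule quoted from the README, written out as a standalone check and run against the reproduction steps above. This is an added example, not Parse Server's code and not part of the original issue; the `authorize` and `constantTimeEqual` helpers, the sample key values, and the `clientKey` header mapping are assumptions for illustration, and master key handling is left out.

```javascript
// Added illustration, not Parse Server source. Option-to-header mapping is assumed.
const KEY_HEADERS = {
  restAPIKey: 'x-parse-rest-api-key',
  clientKey: 'x-parse-client-key',
};

// Compare two strings without returning early on the first differing character.
function constantTimeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i % (b.length || 1));
  }
  return diff === 0;
}

// Returns { ok: true } or { ok: false, error: 'unauthorized' }.
function authorize(config, headers) {
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value);
  }
  const denied = { ok: false, error: 'unauthorized' };
  if (!constantTimeEqual(h['x-parse-application-id'] || '', config.applicationId)) {
    return denied;
  }
  // Only keys that were actually set at initialisation take part in the check.
  const configured = Object.keys(KEY_HEADERS).filter((opt) => config[opt]);
  if (configured.length === 0) return { ok: true }; // no client keys defined
  // At least one key is defined, so the request must present one that matches.
  let matched = false;
  for (const opt of configured) {
    const presented = h[KEY_HEADERS[opt]];
    if (presented && constantTimeEqual(presented, config[opt])) matched = true;
  }
  return matched ? { ok: true } : denied;
}

// Constructed sample values following the issue's reproduction steps.
const config = {
  applicationId: 'example-app-id',
  masterKey: 'example-master-key',
  restAPIKey: 'example-rest-key',
};
const request = (restKey) => ({
  'X-Parse-Application-Id': 'example-app-id',
  'X-Parse-Rest-API-Key': restKey,
});
console.log(authorize(config, request('example-rest-key')));
console.log(authorize(config, request('Bananas')));
```

A check like this works as a regression test for a deployment: the request carrying `Bananas` must come back as unauthorized whenever any client key is configured.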
