Clarification for this: Media Manager (and indeed anything requiring internal web service use) is unable to authenticate to itself (as the user password is obviously not available). As a result move to a simple token based service (not full oAuth). With both a system based token (only 1 stored in configuration but resettable) and user tokens that can be reset as required (stored in the db). This is more secure than transmitting base64 auth and also allows us to have internal based systems, without full oAuth complexity
Clarification for this: Media Manager (and indeed anything requiring internal web service use) is unable to authenticate to itself (as the user password is obviously not available). As a result move to a simple token based service (not full oAuth). With both a system based token (only 1 stored in configuration but resettable) and user tokens that can be reset as required (stored in the db). This is more secure than transmitting base64 auth and also allows us to have internal based systems, without full oAuth complexity