clarify sm cookie auth for tasklist api #5258

Open
wants to merge 1 commit into
base: main

christinaausley
Contributor

Description

Closes https://github.com/camunda/documentation-team/issues/260.

Cookie authentication works only for SM, and in case the customer is not using Identity (in case Identity is up, it is not possible to use it).

We can copy this from Operate docs: https://docs.camunda.io/docs/apis-tools/operate-api/operate-api-authentication/#authentication-via-cookie-self-managed-only and just highlight that this works for scenarios where authentication is not managed by Identity.

When should this change go live?

  • This is a bug fix, security concern, or something that needs urgent release support. (add bug or support label)
  • This is already available but undocumented and should be released within a week. (add available & undocumented label)
  • This is on a specific schedule and the assignee will coordinate a release with the DevEx team. (create draft PR and/or add hold label)
  • This is part of a scheduled alpha or minor. (add alpha or minor label)
  • There is no urgency with this change (add low prio label)

PR Checklist

  • My changes are for an upcoming minor release and:
    • are in the /docs directory (version 8.8).
    • are in the /versioned_docs/version-8.7/ directory (version 8.7).
  • My changes are for an already released minor and are in a /versioned_docs directory.

@christinaausley christinaausley added the component:api Issues related to the C8 REST API label Mar 14, 2025
@christinaausley christinaausley requested review from marcosgvieira and a team March 14, 2025 14:27
@christinaausley christinaausley self-assigned this Mar 14, 2025
Contributor

👋 🤖 🤔 Hello, @christinaausley! Did you make your changes in all the right places?

These files were changed only in versioned_docs/version-8.7/. You might want to duplicate these changes in docs/.

  • versioned_docs/version-8.7/apis-tools/tasklist-api/tasklist-api-authentication.md

These files were changed only in versioned_docs/version-8.6/. You might want to duplicate these changes in docs/.

  • versioned_docs/version-8.6/apis-tools/tasklist-api/tasklist-api-authentication.md

You may have done this intentionally, but we wanted to point it out in case you didn't. You can read more about the versioning within our docs in our documentation guidelines.

Contributor

@conceptualshark conceptualshark left a comment

This seems to answer the questions in the original ticket, so I don't have any problem approving from a TW perspective, but this currently only applies to the GraphQL docs. It's not clear to me if this was meant/should apply to the Tasklist REST API?

It looks like it used to exist there in 8.4, but was removed at some point: https://docs.camunda.io/docs/8.4/apis-tools/tasklist-api-rest/tasklist-api-rest-authentication/#authentication-via-cookie

We've had so much back and forth on the cookie auth discussions, I am not sure where it should apply, and I'm not sure if listing it there, too, should be addressed in a follow-up.

@akeller
Member

akeller commented Mar 19, 2025

@marcosgvieira can we have your input and review here?

@akeller akeller added available & undocumented This is already available but undocumented and should be released within a week. component:self-managed Docs and issues related to Camunda Platform 8 Self-Managed component:tasklist Issues related with Tasklist project labels Mar 21, 2025
Contributor

@houssain-barouni houssain-barouni left a comment

LGTM!
❓ do we need the same in 8.8 docs?


:::note
When authenticating via cookie, note that Cross-Site Request Forgery (CSRF) protection must be disabled to allow this method of authentication. In a Camunda Self-Managed cluster, set the configuration property `camunda.tasklist.csrfPreventionEnabled` to `false`.
:::

Another way to access the Tasklist API in a Self-Managed cluster is to send cookie headers in each request. The cookie can be obtained by using the API endpoint `/api/login`. Take the following steps:
Another way to access the Tasklist API in a Self-Managed cluster is to send cookie headers in each request. This works for scenarios where authentication is not managed by Identity. The cookie can be obtained by using the API endpoint `/api/login`:
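
Review bot: The reworded paragraph limits cookie authentication to setups where Identity does not manage authentication, but the `:::note` directly above it still tells every reader to set `camunda.tasklist.csrfPreventionEnabled` to `false` without that scope. Move the "not managed by Identity" condition ahead of the note, or repeat it inside the note, so that a reader running Identity does not disable CSRF protection for a login method they cannot use. The new sentence also drops "Take the following steps:" and now ends on a colon, so check that the steps that follow still read as a procedure.
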
Contributor

To emphasize that it is managed by Tasklist itself

Suggested change
Another way to access the Tasklist API in a Self-Managed cluster is to send cookie headers in each request. This works for scenarios where authentication is not managed by Identity. The cookie can be obtained by using the API endpoint `/api/login`:
Another way to access the Tasklist API in a Self-Managed cluster is to send cookie headers in each request. This works for scenarios where authentication is managed by Tasklist and not by Identity. The cookie can be obtained by using the API endpoint `/api/login`:

Labels
  • available & undocumented (This is already available but undocumented and should be released within a week.)
  • component:api (Issues related to the C8 REST API)
  • component:self-managed (Docs and issues related to Camunda Platform 8 Self-Managed)
  • component:tasklist (Issues related with Tasklist project)
Projects
Status: 👀 In Review
4 participants