Our current token system always inherits the permissions from the current user. This makes tokens possibly pretty dangerous. You also need to refresh tokens by hand when they expire.
There is a known and widely used protocol to solve these issues: OAuth2. After a few experiments, it seems to integrate pretty nicely with our current stack (mapping the role system).
As a breaking step, I would recommend that we later on remove basic auth and amend the token auth model with the same scopes. Similar to how GitHub handles this.
Microsoft, Google, GitHub all use OAuth2.
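As an added illustration of the two models the issue contrasts (not code from this project), the following Python sketch puts a user-bound token that inherits every permission of its owner next to an OAuth2-style access token that carries explicit scopes, a fixed lifetime and a refresh token. The role table, scope names, `User`/`LegacyToken`/`ScopedToken` classes and the `issue_scoped_token`, `refresh_access_token` and `authorize` functions are all hypothetical; the point is the behavioural difference, namely that a scoped token can only narrow privilege relative to the role mapping and stops working on its own once it expires.

```python
"""Added example: user-inherited token vs. OAuth2-style scoped token.
All names, roles and scopes here are constructed for illustration and are
not the project's real authentication code."""
from __future__ import annotations

import secrets
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Hypothetical role -> permission mapping (the "role system" a scope maps onto).
ROLE_PERMISSIONS = {
    "viewer": {"repo:read"},
    "maintainer": {"repo:read", "repo:write"},
    "admin": {"repo:read", "repo:write", "repo:delete", "org:admin"},
}


@dataclass
class User:
    name: str
    roles: set[str]

    def permissions(self) -> set[str]:
        perms: set[str] = set()
        for role in self.roles:
            perms |= ROLE_PERMISSIONS.get(role, set())
        return perms


@dataclass
class LegacyToken:
    """The current model: the token is only a handle on the user, so it can do
    everything the user can, for as long as nobody revokes it by hand."""
    user: User
    value: str = field(default_factory=lambda: secrets.token_urlsafe(24))


@dataclass
class ScopedToken:
    """OAuth2-style access token: explicit scopes and a fixed expiry."""
    user: User
    scopes: frozenset[str]
    expires_at: datetime
    value: str = field(default_factory=lambda: secrets.token_urlsafe(24))


@dataclass
class RefreshToken:
    """Long-lived credential used only to mint new access tokens."""
    user: User
    scopes: frozenset[str]
    value: str = field(default_factory=lambda: secrets.token_urlsafe(32))


def issue_scoped_token(user: User, requested_scopes, now: datetime,
                       lifetime: timedelta = timedelta(hours=1)):
    """Mint an access/refresh pair. Requested scopes must be a subset of what
    the user's roles allow, so a token can narrow but never widen privilege."""
    requested = frozenset(requested_scopes)
    allowed = user.permissions()
    if not requested <= allowed:
        raise PermissionError(f"scopes not granted by roles: {sorted(requested - allowed)}")
    access = ScopedToken(user, requested, now + lifetime)
    refresh = RefreshToken(user, requested)
    return access, refresh


def refresh_access_token(refresh: RefreshToken, now: datetime,
                         lifetime: timedelta = timedelta(hours=1)) -> ScopedToken:
    """Re-check the role mapping at refresh time: if the user lost a role in
    the meantime, the refresh is refused instead of carrying stale rights."""
    access, _ = issue_scoped_token(refresh.user, refresh.scopes, now, lifetime)
    return access


def authorize(token, action: str, now: datetime) -> bool:
    """Decide whether `token` may perform `action` at time `now`."""
    if isinstance(token, LegacyToken):
        # Inherits the user's full permission set, no expiry.
        return action in token.user.permissions()
    if isinstance(token, ScopedToken):
        if now >= token.expires_at:
            return False
        # Both the granted scope and the user's live role must allow the action.
        return action in token.scopes and action in token.user.permissions()
    return False


def demo() -> dict[str, bool]:
    """Constructed scenario: an admin's legacy token vs. a read-only scoped token."""
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)
    later = now + timedelta(hours=2)
    alice = User("alice", {"admin"})
    legacy = LegacyToken(alice)
    access, refresh = issue_scoped_token(alice, {"repo:read"}, now)
    results = {
        "legacy_can_delete": authorize(legacy, "repo:delete", now),
        "scoped_can_read": authorize(access, "repo:read", now),
        "scoped_can_delete": authorize(access, "repo:delete", now),
        "scoped_after_expiry": authorize(access, "repo:read", later),
        "renewed_can_read": authorize(refresh_access_token(refresh, later), "repo:read", later),
    }
    try:  # a viewer asking for write scope is refused at issuance
        issue_scoped_token(User("bob", {"viewer"}), {"repo:write"}, now)
        results["viewer_refused_write_scope"] = False
    except PermissionError:
        results["viewer_refused_write_scope"] = True
    return results


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

Running `demo()` shows the legacy token deleting a repository simply because its owner is an admin, while the scoped token can read but not delete, is rejected after its lifetime, and comes back only through the refresh path, which re-validates scopes against the user's current roles.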