deislabs / hippo

The WebAssembly Platform
https://docs.hippofactory.dev

account: create personal access token #235

Open bacongobbler opened 3 years ago

bacongobbler commented 3 years ago

For users who wish to access the Hippo API in headless scenarios (i.e. deploying an app from CI, like GitHub Actions), we should come up with a way to generate a personal access token. This way CLI tools like hippo can execute actions on behalf of a user with reduced scope, while also being able to log in without the requirement of going through the whole device authentication flow.

When creating a personal access token, users should be able to:

Currently the only way to create a token is to call the /Account/CreateToken API. That API requires your username and password, and the token is created with full permissions scope (based on the user's current Role) and a set expiration date (currently 30 minutes). And many users who would try to sign in with an external login provider (like GitHub via #233) probably don't want to use a basic auth flow.

bacongobbler commented 3 years ago

For reference: https://docs.github.com/en/github/authenticating-to-github/keeping-your-account-and-data-secure/creating-a-personal-access-token

bacongobbler commented 3 years ago

Adding this to 0.2.0 as this will allow users to perform tasks using their account in a CI environment.