For users who wish to access the Hippo API in headless scenarios (i.e. deploying an app from CI, like GitHub Actions), we should come up with a way to generate a personal access token. This way CLI tools like hippo can execute actions on behalf of a user with reduced scope, while also being able to log in without the requirement of going through the whole device authentication flow.
When creating a personal access token, users should be able to:
- give it a name
- set the expiration date
- set the scope of the token (read-only? write Channel config? delete app permissions?)
Currently the only way to create a token is to call the /Account/CreateToken API. That API requires your username and password, and the token is created with full permissions scope (based on the user's current Role) and a set expiration date (currently 30 minutes). And many users who would try to sign in with an external login provider (like GitHub via #233) probably don't want to use a basic auth flow.
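One way the three requested properties (name, expiration, scope) could fit together on the server side, as an added sketch that is not Hippo's code: the token is shown once, only its digest is stored, and every request is checked for expiry and scope. The scope names, the `hippo_pat_` prefix and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Hypothetical scope names modelled on the three questions in the issue.
KNOWN_SCOPES = {"app:read", "channel:write", "app:delete"}

@dataclass(frozen=True)
class TokenRecord:
    """What the server persists: the SHA-256 digest, never the token itself."""
    name: str
    digest: str
    scopes: frozenset
    expires_at: datetime

def _digest(token: str) -> str:
    return hashlib.sha256(token.encode()).hexdigest()

def issue_token(name, scopes, lifetime, now=None):
    """Return (plaintext token to show the user once, record to persist)."""
    now = now or datetime.now(timezone.utc)
    unknown = set(scopes) - KNOWN_SCOPES
    if not name or not scopes or unknown:
        raise ValueError(f"invalid token request, unknown scopes: {sorted(unknown)}")
    if lifetime <= timedelta(0):
        raise ValueError("lifetime must be positive")
    token = "hippo_pat_" + secrets.token_urlsafe(32)  # prefix is an assumption
    return token, TokenRecord(name, _digest(token), frozenset(scopes), now + lifetime)

def authorize(presented, records, required_scope, now=None):
    """Return the matching record only if the token is known, unexpired and in scope."""
    now = now or datetime.now(timezone.utc)
    presented_digest = _digest(presented)
    for rec in records:
        # Constant-time comparison of digests avoids leaking match position.
        if hmac.compare_digest(rec.digest, presented_digest):
            if now >= rec.expires_at:
                return None
            return rec if required_scope in rec.scopes else None
    return None

if __name__ == "__main__":
    # Constructed sample: a read-only CI token valid for 30 days.
    tok, rec = issue_token("ci-deploy", {"app:read"}, timedelta(days=30))
    print(rec.name, sorted(rec.scopes), rec.expires_at.isoformat())
    print("read allowed:", authorize(tok, [rec], "app:read") is not None)
    print("delete allowed:", authorize(tok, [rec], "app:delete") is not None)
```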