When logging in, a token needs to be created so that the user can make subrequests without having to pass the credentials every time.
If we have a token, we don't log in; we merely attempt to perform the action, which checks the token instead and either allows or rejects the action based on the token's validity.
We could create short-lived tokens, or API tokens with longer lifetimes for things like GitLab and GitHub to perform actions with certain credentials.
It should have the following capabilities:
Upon login, create a new token with a default expires_at set to a fixed time in the future
When checking (endpoint: /user/check), it should check the expires_at and either accept or reject the token
If expired, remove the token from the database and reject the request
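
A sketch of the three capabilities above, added here as an example and not taken from the project's code. The SQLite table, the function names, the TTL values and the choice to store only a SHA-256 hash of each token are assumptions.

```python
import hashlib
import secrets
import sqlite3
import time

DEFAULT_TTL = 3600          # assumed default lifetime for login tokens (seconds)
API_TOKEN_TTL = 90 * 86400  # assumed longer lifetime for API tokens


def open_store(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute(
        "CREATE TABLE IF NOT EXISTS tokens ("
        "token_hash TEXT PRIMARY KEY, user TEXT NOT NULL, expires_at REAL NOT NULL)"
    )
    return db


def _digest(token):
    # Only a hash is stored, so a leaked table does not yield usable tokens.
    return hashlib.sha256(token.encode()).hexdigest()


def issue_token(db, user, ttl=DEFAULT_TTL, now=None):
    """Called after a successful login; returns the raw token exactly once."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    db.execute("INSERT INTO tokens VALUES (?, ?, ?)", (_digest(token), user, now + ttl))
    db.commit()
    return token


def check_token(db, token, now=None):
    """Logic behind /user/check: return the user, or None to reject."""
    now = time.time() if now is None else now
    row = db.execute(
        "SELECT user, expires_at FROM tokens WHERE token_hash = ?", (_digest(token),)
    ).fetchone()
    if row is None:
        return None  # unknown token
    user, expires_at = row
    if now >= expires_at:
        # Expired: remove it from the database and reject the request.
        db.execute("DELETE FROM tokens WHERE token_hash = ?", (_digest(token),))
        db.commit()
        return None
    return user
```

Passing `ttl=API_TOKEN_TTL` to `issue_token` gives the longer-lived API token variant; the check path is the same for both kinds.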