paulsnar
commented
2 years ago Moving to implement this because this might block other progress on testing Spaniel integration. (I don't think it's worth adding a switch to Spaniel's config to disable the token mechanism for the sole purpose of coping with the delay of this ticket.)
As per API spec.
For the most part this requires just a single endpoint, but also a bit of infra around it, notably, cache storage for ephemeral tokens, and database storage for config/permanent token, along with a safe way to issue and verify both; and a middleware for the
/rpcendpoint to filter unauthorized accesses.