html_url,issue_url,id,node_id,user,created_at,updated_at,author_association,body,reactions,issue,performed_via_github_app
https://github.com/simonw/datasette/issues/1850#issuecomment-1291430992,https://api.github.com/repos/simonw/datasette/issues/1850,1291430992,IC_kwDOBm6k_c5M-axQ,9599,2022-10-26T02:59:33Z,2022-10-26T02:59:33Z,OWNER,I started the documentation for the API tokens mechanism here: https://docs.datasette.io/en/1.0-dev/authentication.html#api-tokens,"{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",1421529723,
https://github.com/simonw/datasette/issues/1850#issuecomment-1291417755,https://api.github.com/repos/simonw/datasette/issues/1850,1291417755,IC_kwDOBm6k_c5M-Xib,9599,2022-10-26T02:36:52Z,2022-10-26T02:36:58Z,OWNER,"I'm going to set a convention that `""token"": ""something""` in an actor means that they were authenticated by a token.
`""token"": ""dstok""` for example.","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",1421529723,
https://github.com/simonw/datasette/issues/1850#issuecomment-1291417100,https://api.github.com/repos/simonw/datasette/issues/1850,1291417100,IC_kwDOBm6k_c5M-XYM,9599,2022-10-26T02:35:32Z,2022-10-26T02:35:32Z,OWNER,"It strikes me that users should NOT be able to use a token to create additional tokens.
The current design actually does allow that, since the `dstok_` Bearer token can be used to authenticate calls to the `/-/create-token` page.
So I think I need a mechanism whereby that page can only allow access to users authenticated by cookie.
Not obvious how to do that though, since Datasette's authentication actor system is designed to abstract that detail away!","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",1421529723,