html_url,issue_url,id,node_id,user,user_label,created_at,updated_at,author_association,body,reactions,issue,issue_label,performed_via_github_app
https://github.com/simonw/datasette/issues/699#issuecomment-611880250,https://api.github.com/repos/simonw/datasette/issues/699,611880250,MDEyOklzc3VlQ29tbWVudDYxMTg4MDI1MA==,9599,simonw,2020-04-10T05:08:54Z,2020-04-10T05:08:54Z,OWNER,"So maybe this is all handled by plugin hooks?

`auth_from_scope(datasette, scope)` would be the main one - for deciding if a user should be authenticated based on data from the scope.

How would a permissions hook work though?","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",582526961,Authentication (and permissions) as a core concept,
https://github.com/simonw/datasette/issues/699#issuecomment-611879821,https://api.github.com/repos/simonw/datasette/issues/699,611879821,MDEyOklzc3VlQ29tbWVudDYxMTg3OTgyMQ==,9599,simonw,2020-04-10T05:06:56Z,2020-04-10T05:06:56Z,OWNER,"Another problem this would solve: if you want multiple authentication mechanisms - GitHub auth for users, `Authorization: bearer xxx` auth for API keys - the order in which they run might end up mattering.

I dealt with this a bit in https://github.com/simonw/datasette-auth-github/issues/59

But having an authentication plugin hook - where playing get to decide if a user should be authenticated based on the incoming ASGI scopes - would be neater.","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",582526961,Authentication (and permissions) as a core concept,