{"html_url": "https://github.com/simonw/datasette/issues/1852#issuecomment-1291277913", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/1852", "id": 1291277913, "node_id": "IC_kwDOBm6k_c5M91ZZ", "user": {"value": 4399499, "label": "ocdtrekkie"}, "created_at": "2022-10-26T00:26:11Z", "updated_at": "2022-10-26T00:26:11Z", "author_association": "NONE", "body": "> On that basis, I think the model described above where tokens mainly work to provide an \"act on behalf of this actor\" - but with optional additional constraints - is a good one.\n\nThis is what we do for Sandstorm essentially and I fully agree it's the right way to do API tokens in multiuser systems.\n\nConstraints will definitely be important though. I know I want a token to submit error reports programmatically, but I wouldn't want that token to convey my right to delete tables and records. Little Bobby Tables is out there somewhere, and he's all grown up now.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 1421552095, "label": "Default API token authentication mechanism"}, "performed_via_github_app": null}