issue_comments: 1291277913

This data as json

html_url issue_url id node_id user created_at updated_at author_association body reactions issue performed_via_github_app
https://github.com/simonw/datasette/issues/1852#issuecomment-1291277913 https://api.github.com/repos/simonw/datasette/issues/1852 1291277913 IC_kwDOBm6k_c5M91ZZ 4399499 2022-10-26T00:26:11Z 2022-10-26T00:26:11Z NONE

On that basis, I think the model described above where tokens mainly work to provide an "act on behalf of this actor" - but with optional additional constraints - is a good one.

This is what we do for Sandstorm essentially and I fully agree it's the right way to do API tokens in multiuser systems.

Constraints will definitely be important though. I know I want a token to submit error reports programmatically, but I wouldn't want that token to convey my right to delete tables and records, Little Bobby Tables is out there somewhere, and he's all grown up now.

 
{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
 1421552095