Add the possibility for an user to create ServiceToken in the portal
Sumary
We could add an interface to the portal where the users can create token for ServiceToken Handlers
We could also add a scope notions that people could set. Token lifetime should be customizable too.
Main issues/design points :
The ability to list and revoke token would need us to store the token somewhere. Maybe like a persistent session (don’t know how it works exactly) maybe we should do this in a second time.
We should also discuss about authlevel I have no idea how to handle it.
We should also take care of the docs because it would increase the risk of crsf vulnerability on protected app when an app is protected by cookie or token handler. (Insure the main+ServieToken handler already exist, may need to create it)
What do you think of such a feature ?