github/datasette
1
0
Fork 0
mirror of https://github.com/simonw/datasette.git synced 2025-12-10 16:51:24 +01:00
Code Issues Projects Releases Packages Wiki Activity

Tests and docs for /-/create-token, refs #1852

Browse source
This commit is contained in:
Simon Willison 2022-10-25 19:04:05 -07:00
commit 7ab091e8ef
3 changed files with 93 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

15
docs/authentication.rst
View file

@ -333,6 +333,21 @@ To limit this ability for just one specific database, use this:
}
}
.. _CreateTokenView:
API Tokens
==========
Datasette includes a default mechanism for generating API tokens that can be used to authenticate requests.
Authenticated users can create new API tokens using a form on the ``/-/create-token`` page.
Created tokens can then be passed in the ``Authorization: Bearer token_here`` header of HTTP requests to Datasette.
A token created by a user will include that user's ``"id"`` in the token payload, so any permissions granted to that user based on their ID will be made available to the token as well.
Coming soon: a mechanism for creating tokens that can only perform a subset of the actions available to the user who created them.
.. _permissions_plugins:
Checking permissions in plugins