allow_signed_tokens setting, closes #1856

Simon Willison 2022-10-25 19:55:47 -07:00
commit c23fa850e7
8 changed files with 48 additions and 5 deletions

@ -350,6 +350,8 @@ Coming soon: a mechanism for creating tokens that can only perform a subset of t
This page cannot be accessed by actors with a ``"token": "some-value"`` property. This is to prevent API tokens from being used to automatically create more tokens. Datasette plugins that implement their own form of API token authentication should follow this convention.
You can disable this feature using the :ref:`allow_signed_tokens <setting_allow_signed_tokens>` setting.
.. _permissions_plugins:
Checking permissions in plugins
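
Review bot: "this feature" in the added sentence "You can disable this feature using the :ref:`allow_signed_tokens <setting_allow_signed_tokens>` setting." has no clear referent, because it directly follows the paragraph about blocking actors that carry a ``"token"`` property, so it can be read as a way to switch off that protection. Name what the setting turns off, for example "You can disable signed API tokens using the ... setting", and state whether turning it off only removes the token creation page or also causes tokens that were already issued to be rejected, since an operator who disables the setting after a token has leaked needs to know whether that revokes it.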