Option to turn off token per user

rgme - June 12, 2009 - 17:30
Project: Token authentication
Version: 6.x-1.1
Component: Miscellaneous
Category: support request
Priority: normal
Assigned: Unassigned
Status: active
Description

I've looked through lots of access control modules, and this one seems to have the flexibility I need. I'm glad it can be extended to portions of the site other than feeds. I'm not sure if this is a feature-request or a support-request, so here goes:

I'm building a site that uses webforms inside non-public organic groups, and I need a one-click, authorized access to the webform. I would like certain users to have a token that could be appended to an emailed link so that they can quickly access a given webform. However, I don't want the admin (user 1) to have such a token. Can the token be removed on a per-user basis? Or is there a different module that is better suited for this application (Peek module doesn't work with form submissions)...kind of a broad question, but somebody probably knows a lot more about the solution than me.

Thanks!

#1

rgme - June 16, 2009 - 13:12

I've been thinking about this. I try not to tinker with the database, since it's still a bit over my head. However, the tokenauth table seems pretty straightforward with the userID and token listed. If I delete the user1 row, will that securely prevent any user1 logins with a token? Will this create any security holes anywhere? Can I just expand that process to any user I don't want to have a token?

If this is really a solution, can this be worked into the gui? After deleting the user1 row, the token auth tab still shows up under the user edit page, and says "?token=", with no token listed. Is this just a meaningless page? I tried a url with just ?token= at the end, and I got an access denied. Maybe this will work?

#2

irakli - June 21, 2009 - 03:35

"admin" user has all permissions no matter what, so even if we introduce some GUI setting "preventing" admin from doing something - s/he can always go and change that setting. In your particular case, you probably do not want people logging in as admin, at all, but logging in with some other user.

How do you envision a user-interface for something like this?

A checkbox on the user edit form, changing which requires "administer tokenauth" permissions and which controls whether auth tokens are enabled/disabled for a user?

P.S. No, it does not seem like simply deleting a row in the DB would solve your problem in a clean way.
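As an added sketch of the per-user checkbox proposed in comment #2 (this is not the Token authentication module's own code), here is what the user-edit-form side could look like in Drupal 6. The module name `example_tokenauth`, the variable name `example_tokenauth_disabled_<uid>` and the helper `example_tokenauth_allowed()` are all assumptions; the real module would have to call that helper at the point where it validates an incoming `?token=` value, which is not shown here. The helper also refuses user 1 outright, since, as noted above, `user_access()` always returns TRUE for user 1 and a checkbox alone could not keep the admin out.

```php
<?php
// Added example, not code from the Token authentication module.
// Module name, variable name and helper are assumptions.

/**
 * Implementation of hook_perm().
 * Reuses the "administer tokenauth" permission named in the thread.
 */
function example_tokenauth_perm() {
  return array('administer tokenauth');
}

/**
 * Returns TRUE if $account may log in with its token.
 * Policy from the discussion: user 1 is always refused; other users are
 * refused only when an administrator has ticked the checkbox for them.
 * The real module's token check would need to consult this (assumed hook-in).
 */
function example_tokenauth_allowed($account) {
  if ($account->uid == 1) {
    return FALSE;
  }
  return !variable_get('example_tokenauth_disabled_' . $account->uid, FALSE);
}

/**
 * Implementation of hook_form_alter().
 * Adds the checkbox to the user edit form. The element is only added when
 * the current user holds "administer tokenauth", so ordinary users never
 * see or submit it.
 */
function example_tokenauth_form_alter(&$form, $form_state, $form_id) {
  if ($form_id != 'user_profile_form' || !user_access('administer tokenauth')) {
    return;
  }
  // Drupal 6 stores the account being edited here.
  $account = $form['_account']['#value'];

  $form['example_tokenauth'] = array(
    '#type' => 'fieldset',
    '#title' => t('Token authentication'),
  );
  $form['example_tokenauth']['example_tokenauth_disabled'] = array(
    '#type' => 'checkbox',
    '#title' => t("Disable this user's authentication token"),
    '#default_value' => variable_get('example_tokenauth_disabled_' . $account->uid, FALSE),
    // User 1 is refused by example_tokenauth_allowed() regardless of this box.
    '#disabled' => ($account->uid == 1),
  );
  $form['#submit'][] = 'example_tokenauth_user_form_submit';
}

/**
 * Submit handler: persist the flag for the edited account.
 * The value is only present when the element was added, i.e. when the
 * submitter had "administer tokenauth".
 */
function example_tokenauth_user_form_submit($form, &$form_state) {
  if (isset($form_state['values']['example_tokenauth_disabled'])) {
    $uid = $form['_account']['#value']->uid;
    variable_set('example_tokenauth_disabled_' . $uid,
                 (bool) $form_state['values']['example_tokenauth_disabled']);
  }
}
```

The flag lives in a Drupal variable rather than in the module's `tokenauth` table, so nothing is deleted from that table and the token row stays intact; only the allow/deny decision changes, which is the clean alternative to the row-deletion approach asked about in comment #1.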

#3

rgme - June 23, 2009 - 12:36

You're exactly right. The admins won't be logging in with the token auth.

I believe a gui along the lines of what you mentioned would be great...that would do it exactly.

I guess I should explain my situation. I would like to use Token Auth to access specific nodes inside private organic groups for different clients. The token url would be sent to the clients' clients (yes, the clients of the clients; let's call them the 2nd-level client) for them to be able to quickly access the one node they need (to prevent confusion from seeing lots of nodes). Since the token url settings would be set to access nodes (and not just feeds), I wanted only the 2nd-level client's user to be able to use them.

Now, each client will have a user for their 2nd-level client. And, each 2nd-level client may end up needing to access more than one 2nd-level user account (i.e., may need to access nodes under different clients). In that case, I would need them to be able to access any node in any group, regardless of whether they are currently in a Drupal session with another group. In my testing with this module, I wasn't able to login with a different user token when I was already logged in under another user. (Could you verify this? If it is an issue, is there an easy fix for it? EDIT: Just noticed the session_destroy patch...is that the fix for this?)

Sorry...is that confusing enough? :) Basically, I need the 2nd-level client to have one-click access to any specific node in a private group, regardless of any previous session that may be open. Feel free to suggest another method to do this...I've gone through lots of other options, but I'm bound to have missed one somewhere (Peek module won't work because the nodes are webforms that need to be submitted.)

I'm looking at this module or easylogin for my situation. Both offer a one-click access to private nodes. Easylogin has a per user ability, but it can't handle the previously-open session issue. I like the flexibility of tokenauth in specifying which pages are available to tokens.

Thanks!
