This thread is a nebulous feature request that I've heard from people without a lot of concrete discussion.

The idea: Change tokenauth to account for different categories of token use, making the module into an API wrapped around a core path-access plugin.

Comments

Grayside’s picture

Grayside commented
Status: Active » Postponed (maintainer needs more info)

Illustrating the change: Add resource_id, delta, and timestamp to the table.
| uid | token | resource_id | delta | timestamp |

Other potential plugins include:

  • Mailhandler: Use tokenauth as an extra signature identifying a user before accepting posts-by-email. Delta allows restriction of token to a specific node?
  • Shared Link: Share a link to a path (e.g., a file) to other users with an expiration window. Delta allows restricting token to a given issuance date.

It's possible delta & timestamp should be conflated.

By plugin, I mean a Tokenauth plugin or hook implementation which will allow other modules to make use of Tokenauth in nifty ways.

I need feedback before I can pursue planning feature, marking it as such. This will probably be moved to a 2.x branch once that is created.