issue_comments: 1291417100
This data as json
html_url | issue_url | id | node_id | user | created_at | updated_at | author_association | body | reactions | issue | performed_via_github_app |
---|---|---|---|---|---|---|---|---|---|---|---|
https://github.com/simonw/datasette/issues/1850#issuecomment-1291417100 | https://api.github.com/repos/simonw/datasette/issues/1850 | 1291417100 | IC_kwDOBm6k_c5M-XYM | 9599 | 2022-10-26T02:35:32Z | 2022-10-26T02:35:32Z | OWNER | It strikes me that users should NOT be able to use a token to create additional tokens. The current design actually does allow that, since the `dstok_` Bearer token can be used to authenticate calls to the `/-/create-token` page. So I think I need a mechanism whereby that page can only allow access to users authenticated by cookie. Not obvious how to do that though, since Datasette's authentication actor system is designed to abstract that detail away! | {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | 1421529723 |