# Create and Manage API Tokens

**ID:** DEV-001
**Priority:** High
**Status:** Planned

## User Story
As a developer, I want to create and manage API tokens so that I can integrate my applications with the identity provider programmatically.

## Acceptance Criteria
- [ ] Developer can create new API tokens with custom names
- [ ] Token is shown once at creation (cannot be retrieved later)
- [ ] Developer can set token expiration (or no expiration)
- [ ] Developer can set token scopes/permissions
- [ ] List all tokens with creation date and last used
- [ ] Revoke individual tokens
- [ ] Revoke all tokens at once
- [ ] Rate limiting information shown per token

## Technical Notes
- ApiTokenManager exists with basic infrastructure
- `loginWithApiToken` endpoint available
- Need UI for token management (currently backend only)
- Tokens should be hashed before storage (show once)
- Consider token prefixes for easy identification (idp_...)
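
One way to satisfy the "hashed before storage (show once)" and prefix notes above, as an added example that is not the project's `ApiTokenManager` code. The `TokenStore` class, its record fields and the `idp_<id>_<secret>` layout are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

PREFIX = "idp_"  # prefix suggested in the Technical Notes

class TokenStore:
    """Hypothetical in-memory store; keeps SHA-256 digests, never plaintext."""
    def __init__(self):
        self.records = {}  # token_id -> metadata record

    def create(self, name, scopes, ttl_seconds=None, now=None):
        now = time.time() if now is None else now
        token_id = secrets.token_hex(4)     # non-secret lookup key, safe to list in a UI
        secret = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        plaintext = f"{PREFIX}{token_id}_{secret}"
        self.records[token_id] = {
            "name": name, "scopes": frozenset(scopes),
            # A fast hash is acceptable here because the secret is high-entropy
            # random data, unlike a user-chosen password.
            "digest": hashlib.sha256(plaintext.encode()).digest(),
            "created": now, "last_used": None, "revoked": False,
            "expires": None if ttl_seconds is None else now + ttl_seconds,
        }
        return plaintext  # shown once; cannot be rebuilt from the digest

    def verify(self, presented, scope, now=None):
        now = time.time() if now is None else now
        if not presented.startswith(PREFIX):
            return False
        token_id = presented[len(PREFIX):].split("_", 1)[0]
        rec = self.records.get(token_id)
        if rec is None:
            return False
        digest = hashlib.sha256(presented.encode()).digest()
        if not hmac.compare_digest(digest, rec["digest"]):  # constant-time compare
            return False
        if rec["revoked"] or (rec["expires"] is not None and now >= rec["expires"]):
            return False
        if scope not in rec["scopes"]:
            return False
        rec["last_used"] = now  # feeds the "last used" column in the token list
        return True

    def revoke(self, token_id):
        self.records[token_id]["revoked"] = True

    def revoke_all(self):
        for rec in self.records.values():
            rec["revoked"] = True
```
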

## Related TODOs
- Partial implementation in ApiTokenManager