Currently, tokens can do everything the user account can do, which would make it hard to configure different tokens per user for different purposes. I would like to request granular tokens up to a user's maximum configured permissions, and have a dedicated "Manage Tokens" window for every Technitium user to do so.
Along with OpenID Connect interest in #488, having limited scope tokens helps make separating users from permission grants possible, and helps Technitium to become as similarly compartmentalized as Forgejo/Gitea in terms of access control. An interesting use case for me is to have a view-only token for logs, and another write-allowed token to update certain DNS records.
I'm not sure if this is the best way to implement this. Also I understand that this is a huge feature that would rewrite the entire auth backend alongside OIDC support, and would be okay if it's not implemented :)
Thanks for the suggestion. This will actually require a lot of change in the design to implement. Will need to review how this can be implemented. Even if it's feasible, it will take time to implement considering that this will cause a lot of changes to current design.
Hi, thank you so much for this software!