Feature: Generate OAuth read-only (and read-write) tokens for server apps

[DougReeder]

Other servers that access RS require setting the tokens manually, as they generally don't have a Web interface.

This is also required to run the RS api-test-suite.

This would probably be part of an admin UI.

Read-only tokens would also allow sharing with friends, but for most apps it's not clear how they would take advantage of that.

[raucao]

What if we just wrote a simple unhosted app that can aquire and display custom tokens for server integration? Since servers are not bound by Origin restrictions (they can just send whatever origin they want), the client ID and redirect URI may as well be a known app that creates tokens for those.

[DougReeder]

A new client app? That sounds straightforward.

[raucao]

Yeah, it would be similar to https://github.com/raucao/rs-backup-auth-page but with a form to specify category name (or root access) and permission level.