supertokens-core icon indicating copy to clipboard operation
supertokens-core copied to clipboard
verified publisher icon supertokens

How to generate Personal Access Token (PAT)

Open ysaakpr opened this issue 3 years ago • 2 comments

🚀 Feature

Need a feature similar to Github Personal Access Token support on SuperTokens.

Long expiry token which can be used as token to guarantee identity from server side third party integrations. If this already possible, kindly direct me to the documentation link.

ysaakpr avatar Aug 17 '22 08:08 ysaakpr

@ysaakpr you can use the JWT recipe to create tokens which can be issued to users / machine clients for their auth as personal tokens. You can set the token's lifetime to a very long value to make them long lived.

The downside for this approach is that you cannot revoke these tokens unless you store them in your db yourself and check them - but if you are doing that, then you don't really need the JWT recipe anyway, and can just issue tokens yourself. But if revocability is not a feature you want, then the JWT recipe would work well.

See these docs for more info: https://supertokens.com/docs/microservice_auth/introduction

Keeping this issue open until we have something that meets all the needs of a personal access token.

rishabhpoddar avatar Aug 17 '22 09:08 rishabhpoddar

Would be great if the revocability can be integrated in the future. That would allow a more secure way to allow api access for external clients/applications.

bert2002 avatar Sep 12 '22 09:09 bert2002