Personal Access Tokens or API Keys

adelavega · February 9, 2022, 12:15am

Feature: Personal Access Tokens or API Keys

Description: Often, one wants to grant users access to the API without requiring a typical log in flow. This is either because users want to grant trusted third parties or themselves access in a programmatic setting where a typical login flow would not make sense.

For example, GitHub generates personal access tokens which can be used to access the API, and can be revoked.

Use-case: This is a use case useful for not pushing the burden of logging in to a developer application. For example, in a CLI or a python library, it would be very cumbersome to implement a authentication flow with social, that requires popping up a browser and capturing the access token.

Instead, users could generate a Personal Access Token in order to make API calls programmatically. This is different from M2M use cases, because we want API calls to be restricted the user specific information.

Currently, there is no support for this, which would require use to either implement a cumbersome login in process for programmatic users, implement API keys on our own, or extend the expiration of access tokens to a very large number which is less safe.

konrad.sopala · February 9, 2022, 12:32pm

Hey there!

Thanks for creating this feedback card! Let’s see who else will vote for that!

a19daniellr · May 3, 2022, 11:01am

This sound so interesting and usefull !

konrad.sopala · May 4, 2022, 8:27am

Thanks for adding your +1!

amit9 · August 30, 2022, 4:29am

@konrad.sopala, any update on this feature, if its going to be supported soon. Seems like a basic feature for supporting API based access.

anne-claire.lehenaff · September 7, 2022, 4:26pm

It would be great to get this feature !

dean4 · January 10, 2023, 3:21pm

vote for this one too. my use case is that we need to develop a WooCommerce plugin for merchants. So these merchants will set up the appid and secrets in our WooCommerce plugin. so the plugin will communicate to our backend. I was thinking to create one application per merchants, however it seems having limited on the applications we can create. do you have any suggestions?

Thanks,
Dean

xu.guangyi · January 11, 2023, 4:28am

It would be super great if we can have this feature.

daniel_keysync_io · February 12, 2023, 4:55am

Hey everyone, I think this would be a great addition to Auth0, too, and since we don’t know if they will build it…

I’d like to build it myself. I think an integration to the Auth0 marketplace or something of that like would be great! If you’re interested, do you mind dropping your email on my landing page? I need to see how many people are interested myself. Thanks!

Landing page: https://www.keysync.io/