Feature: Personal Access Tokens or API Keys
Description: Often, one wants to grant users access to the API without requiring a typical log in flow. This is either because users want to grant trusted third parties or themselves access in a programmatic setting where a typical login flow would not make sense.
For example, GitHub generates personal access tokens which can be used to access the API, and can be revoked.
Use-case: This is a use case useful for not pushing the burden of logging in to a developer application. For example, in a CLI or a python library, it would be very cumbersome to implement a authentication flow with social, that requires popping up a browser and capturing the access token.
Instead, users could generate a Personal Access Token in order to make API calls programmatically. This is different from M2M use cases, because we want API calls to be restricted the user specific information.
Currently, there is no support for this, which would require use to either implement a cumbersome login in process for programmatic users, implement API keys on our own, or extend the expiration of access tokens to a very large number which is less safe.