Auth Token #944
Description
For a lot of actions (every download, compute interaction, etc) you need to sign your request.
But what if we have something that needs a lot of requests (MediaPlayers) , or some kind of automation or scripts?
For VS Extension, we can use that token instead of asking the user to import private key of the account.
(In the future, maybe we will have a dapp to select compute node/resources/etc, and then pass the token to vs code)
For better UX, we can generate auth tokens based on a user request and use the token instead of signatures, where possible.
Proposal:
- add new handler & endpoint createToken, which accepts a signed requests and a validUntil parameter and creates an auth-token for that address
- add new handler & endpoint deleteToken, which accepts a signed requests and a auth-token and invalidates an already existing auth-token
- auth-token can be used wherever signing is required, as long as it's still valid
Additional requirements:
- if signature is present in params, it has priority vs auth-token
- nonce is always mandatory.
- auth-token internally maps to a address, so all internal auth/nonce functions are going to use that address