
repos: 271665336


id node_id name full_name private owner html_url description fork created_at updated_at pushed_at homepage size stargazers_count watchers_count language has_issues has_projects has_downloads has_wiki has_pages forks_count archived disabled open_issues_count license topics forks open_issues watchers default_branch permissions temp_clone_token organization network_count subscribers_count readme readme_html allow_forking visibility is_template template_repository web_commit_signoff_required has_discussions
271665336 MDEwOlJlcG9zaXRvcnkyNzE2NjUzMzY= datasette-auth-tokens simonw/datasette-auth-tokens 0 9599 https://github.com/simonw/datasette-auth-tokens Datasette plugin for authenticating access using API tokens 0 2020-06-11T23:23:30Z 2021-10-15T00:52:53Z 2021-10-15T00:54:20Z   34 4 4 Python 1 1 1 1 0 1 0 0 0 apache-2.0 ["datasette", "datasette-io", "datasette-plugin"] 1 0 4 main {"admin": false, "maintain": false, "push": false, "triage": false, "pull": false}     1 3

# datasette-auth-tokens

[![PyPI](https://img.shields.io/pypi/v/datasette-auth-tokens.svg)](https://pypi.org/project/datasette-auth-tokens/)
[![Changelog](https://img.shields.io/github/v/release/simonw/datasette-auth-tokens?include_prereleases&label=changelog)](https://github.com/simonw/datasette-auth-tokens/releases)
[![Tests](https://github.com/simonw/datasette-auth-tokens/workflows/Test/badge.svg)](https://github.com/simonw/datasette-auth-tokens/actions?query=workflow%3ATest)
[![License](https://img.shields.io/badge/license-Apache%202.0-blue.svg)](https://github.com/simonw/datasette-auth-tokens/blob/main/LICENSE)

Datasette plugin for authenticating access using API tokens

## Installation

Install this plugin in the same environment as Datasette.

    $ pip install datasette-auth-tokens

## Hard-coded tokens

Read about Datasette's [authentication and permissions system](https://datasette.readthedocs.io/en/latest/authentication.html).

This plugin lets you configure secret API tokens which can be used to make authenticated requests to Datasette.

First, create a random API token. A useful recipe for doing that is the following:

    $ python -c 'import secrets; print(secrets.token_hex(32))'
    5f9a486dd807de632200b17508c75002bb66ca6fde1993db1de6cbd446362589

Decide on the actor that this token should represent, for example:

```json
{
    "bot_id": "my-bot"
}
```

You can then use `"allow"` blocks to provide that token with permission to access specific actions. To enable access to a configured writable SQL query you could use this in your `metadata.json`:

```json
{
    "plugins": {
        "datasette-auth-tokens": {
            "tokens": [
                {
                    "token": {
                        "$env": "BOT_TOKEN"
                    },
                    "actor": {
                        "bot_id": "my-bot"
                    }
                }
            ]
        }
    },
    "databases": {
        ":memory:": {
            "queries": {
                "show_version": {
                    "sql": "select sqlite_version()",
                    "allow": {
                        "bot_id": "my-bot"
                    }
                }
            }
        }
    }
}
```

This uses Datasette's [secret configuration values mechanism](https://datasette.readthedocs.io/en/stable/plugins.html#secret-configuration-values) to allow the secret token to be passed as an environment variable.

Run Datasette like this:

    BOT_TOKEN="this-is-the-secret-token" \
        datasette -m metadata.json

You can now run authenticated API queries like this:

    $ curl -H 'Authorization: Bearer this-is-the-secret-token' \
      'http://127.0.0.1:8001/:memory:/show_version.json?_shape=array'
    [{"sqlite_version()": "3.31.1"}]

Additionally you can allow passing the token as a query string parameter, although that's disabled by default given the security implications of URLs with secret tokens included. This may be useful to easily allow embedding data between different services.

Simply enable it using the `param` config value:

```json
{
    "plugins": {
        "datasette-auth-tokens": {
            "tokens": [
                {
                    "token": {
                        "$env": "BOT_TOKEN"
                    },
                    "actor": {
                        "bot_id": "my-bot"
                    }
                }
            ],
            "param": "_auth_token"
        }
    },
    "databases": {
        ":memory:": {
            "queries": {
                "show_version": {
                    "sql": "select sqlite_version()",
                    "allow": {
                        "bot_id": "my-bot"
                    }
                }
            }
        }
    }
}
```

You can now run authenticated API queries like this:

    $ curl 'http://127.0.0.1:8001/:memory:/show_version.json?_shape=array&_auth_token=this-is-the-secret-token'
    [{"sqlite_version()": "3.31.1"}]

## Tokens from your database

As an alternative (or in addition) to the hard-coded list of tokens you can store tokens in a database table and configure the plugin to access them using a SQL query.

Your query needs to take a `:token_id` parameter and return at least two columns: one called `token_secret` and one called `actor_*` - usually `actor_id`. Further `actor_` prefixed columns can be returned to provide more details for the authenticated actor.

Here's a simple example of a configuration query:

```sql
select actor_id, actor_name, token_secret from tokens where token_id = :token_id
```

This can run against a table like this one:

| token_id | token_secret | actor_id | actor_name |
| -------- | ------------ | -------- | ---------- |
| 1        | bd3c94f51fcd | 78       | Cleopaws   |
| 2        | 86681b4d6f66 | 32       | Pancakes   |

The tokens are formed as the token ID, then a hyphen, then the token secret. For example:

- `1-bd3c94f51fcd`
- `2-86681b4d6f66`

The SQL query will be executed with the portion before the hyphen as the `:token_id` parameter.

The `token_secret` value returned by the query will be compared to the portion of the token after the hyphen to check if the token is valid.

Columns with a prefix of `actor_` will be used to populate the actor dictionary. In the above example, a token of `2-86681b4d6f66` will become an actor dictionary of `{"id": 32, "name": "Pancakes"}`.

To configure this, use a `"query"` block in your plugin configuration like this:

```json
{
    "plugins": {
        "datasette-auth-tokens": {
            "query": {
                "sql": "select actor_id, actor_name, token_secret from tokens where token_id = :token_id",
                "database": "tokens"
            }
        }
    },
    "databases": {
        "tokens": {
            "allow": {}
        }
    }
}
```

The `"sql"` key here contains the SQL query. The `"database"` key has the name of the attached database file that the query should be executed against - in this case it would execute against `tokens.db`.

### Securing your tokens

Anyone with access to your Datasette instance can use it to read the `token_secret` column in your tokens table. This probably isn't what you want!

To avoid this, you should lock down access to that table.
The configuration example above shows how to do this using an `"allow": {}` block. Consult Datasette's [Permissions documentation](https://datasette.readthedocs.io/en/stable/authentication.html#permissions) for more information about how to lock down this kind of access.

1 public 0
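
The database-token check described in the README's "Tokens from your database" section, as an added Python example (not the plugin's own code). It uses the README's query and sample rows; `make_sample_db` and `actor_from_token` are hypothetical names, and splitting on the first hyphen and the constant-time comparison are assumptions of this sketch.

```python
import secrets
import sqlite3

# Configuration query quoted in the README.
TOKEN_QUERY = (
    "select actor_id, actor_name, token_secret "
    "from tokens where token_id = :token_id"
)


def make_sample_db():
    """Build an in-memory copy of the README's sample tokens table."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.execute(
        "create table tokens ("
        "token_id integer primary key, token_secret text, "
        "actor_id integer, actor_name text)"
    )
    conn.executemany(
        "insert into tokens values (?, ?, ?, ?)",
        [(1, "bd3c94f51fcd", 78, "Cleopaws"), (2, "86681b4d6f66", 32, "Pancakes")],
    )
    return conn


def actor_from_token(conn, token):
    """Return the actor dict for a valid '<token_id>-<secret>' token, else None."""
    # Assumption: split on the first hyphen, so a secret may itself contain hyphens.
    token_id, hyphen, supplied_secret = token.partition("-")
    if not hyphen or not token_id or not supplied_secret:
        return None  # malformed: missing ID, hyphen or secret

    # The ID is only ever a bound parameter, never interpolated into the SQL.
    row = conn.execute(TOKEN_QUERY, {"token_id": token_id}).fetchone()
    if row is None or row["token_secret"] is None:
        return None  # unknown token ID, or a row with no secret set

    # Constant-time comparison (this example's choice) so response timing
    # does not reveal how much of a guessed secret matched.
    stored = str(row["token_secret"]).encode("utf-8")
    if not secrets.compare_digest(stored, supplied_secret.encode("utf-8")):
        return None

    # actor_* columns become the actor dictionary with the prefix stripped;
    # token_secret is never copied into the actor.
    prefix = "actor_"
    return {
        name[len(prefix):]: row[name]
        for name in row.keys()
        if name.startswith(prefix)
    }


if __name__ == "__main__":
    db = make_sample_db()
    for candidate in ("2-86681b4d6f66", "2-bd3c94f51fcd", "86681b4d6f66"):
        print(candidate, "->", actor_from_token(db, candidate))
```
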

Links from other tables

  • 7 rows from repo in releases