feat: temporary authorization code for batch operations

[purplesmoke05]

draft

Close

#354

Changes

New API

# POST: /accounts/{issuer_address}/temporary_access_token
# GET: /accounts/{issuer_address}/temporary_access_token
# DELETE: /accounts/{issuer_address}/temporary_access_token/{temporary_access_token}

Behavior Changed API

# POST: /bond/transfers
# POST: /bond/tokens/{token_address}/personal_info
# POST: /share/transfers
# POST: /share/tokens/{token_address}/personal_info

New Table

• temporary_access_token

Others

I am wondering how to implement the following

1. Scope

Is it better that request with given temporary token is restricted accessible resource.

2. Token Format

Variable name(including table name) is not yet determined. Token length/ format is same.
As for formatting, I'm going to follow the general method.

• a random string plus a prefix like GitHub/Slack/Shopify token.

  • GitHub
    • e.g. ghp_xxxxx
      • GitHub + Category(Personal Token) + “_” + string(36)
  • GitLab
    • arbitary string(min length: 20)
  • Slack
    • /\b(?:xoxb|xoxp|xapp|xoxa|xoxo|xoxr)-(?:\d-)?(?:[a-zA-Z0-9]{1,40}-)+[a-zA-Z0-9]{1,40}\b/g
  • Shopify
    • /(shppa|shpca|shpat|shpss)_[a-zA-Z0-9]{32,64}/g

• https://gitlab.com/gitlab-org/gitlab/-/blob/master/doc/user/profile/personal_access_tokens.md

• https://github.blog/2021-04-05-behind-githubs-new-authentication-token-formats/

[purplesmoke05]

#354 is implemented in #356. This PR is not required