Feature idea: scoped sesame tokens #59

Closed
tasn opened this issue Oct 26, 2020 · 7 comments · Fixed by #60

tasn commented Oct 26, 2020

Hey,

I don't know if it's on the roadmap or even if it's of any interest here, but I'd love to see a way to add a scope to sesame tokens. What do I mean? Designate them to specific views, or specific operations.
For example, you can generate tokens that are used for email login, but at the same time, also generate tokens that can only be used for one-time view of screens. Tokens used for email verification (e.g. for verifying a user approves of an account deletion).

I ended up reimplementing sesame in my project in order to support this, though I wish it was supported here.

Feel free to close this if you think it's out of scope for this project, and thanks a lot for creating it!

@aaugustin
Owner

This is in the same vein as #56, which I deemed out of scope but could reconsider as there seems to be some demand.

It may be possible to do this in a backwards-compatible way when handling tokens manually (i.e. when not using the middleware).

@tasn
Author

tasn commented Oct 27, 2020

Ah sorry about the dupe. It seems like I didn't search well enough.

> It may be possible to do this in a backwards-compatible way when handling tokens manually (i.e. when not using the middleware).

Can just have the non-scope variant (what's there now) just work like it does now, and have scoped calls in addition (or extra parameters) that let you generate and verify. I don't think the scoped variants can/need to be handled automatically.

@aaugustin
Owner

Yes.

@aaugustin
Owner

@tasn The PR I just submitted adds an optional `scope` parameter to `get_token` and `get_user`. Only the code is there — no tests and docs yet. Would you be able to try it and let me know if that's what you want?

@aaugustin
Owner

Version 2.1 is published with this feature. Enjoy!

aaugustin added a commit that referenced this issue Nov 1, 2020
@aaugustin
Owner

aaugustin commented Nov 1, 2020

PR is now complete with tests and docs.

@tasn
Author

tasn commented Nov 1, 2020

Haven't managed to test it yet, but the API looks great, thanks a lot! I'll migrate to it in the next few weeks and will let you know if I encounter any issues. Thanks!
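
The scoping idea discussed in this thread, as an added sketch that is not django-sesame's code: the scope is mixed into the HMAC input, so a token issued for one operation fails verification for any other, while the empty default scope keeps unscoped tokens working as before. `make_token`, `check_token`, the key, the scope name `confirm-delete` and the 300-second lifetime are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import time

SECRET_KEY = b"constructed-demo-key"  # constructed value, not a real secret
MAX_AGE = 300  # seconds; assumed lifetime for this sketch


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _sign(user_id: int, issued_at: int, scope: str) -> bytes:
    # Length-prefix every field so that no two different (user, time, scope)
    # triples can serialize to the same MAC input.
    parts = [str(user_id).encode(), str(issued_at).encode(), scope.encode()]
    msg = b"".join(len(p).to_bytes(4, "big") + p for p in parts)
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).digest()


def make_token(user_id, scope="", now=None):
    """Issue a token for user_id that is only valid for the given scope."""
    issued_at = int(time.time() if now is None else now)
    return f"{user_id}.{issued_at}.{_b64(_sign(user_id, issued_at, scope))}"


def check_token(token, scope="", now=None):
    """Return the user id if the token is valid for this scope, else None."""
    try:
        uid_s, ts_s, mac = token.split(".")
        user_id, issued_at = int(uid_s), int(ts_s)
    except ValueError:
        return None  # malformed token
    now = int(time.time() if now is None else now)
    if not 0 <= now - issued_at <= MAX_AGE:
        return None  # expired, or timestamped in the future
    # The scope is supplied by the view doing the check, never read from the
    # token, so a caller cannot choose which scope it is validated against.
    expected = _b64(_sign(user_id, issued_at, scope))
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    return user_id
```

Each view passes its own fixed scope string to `check_token`, so a leaked login link cannot be replayed against the account-deletion confirmation view, and vice versa.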
