A flow to create individual tokens to access the API

[DefenderOfBasic]

Right now anyone can access the DB through the API. It would be better for security if we required people to create a token to access it, and that can then be revoked on an individual basis. This way we can keep it open but if there are bad actors/someone DDOSing the DB we can revoke it/turn off creation of new tokens etc.

The data on object storage can still be publicly available.

[DefenderOfBasic]

Possible implementation:

• When you login with twitter, you see a token generated for you (stored in the DB?)
• Use JWT for this? https://supabase.com/docs/guides/auth/jwts
• how does revoking work? just go in the supabase dashboard and edit the DB? Or make this "user directory" view have an extra button if the logged in user is @TheExGenesis ? https://www.community-archive.org/user-dir

[timothyylim]

Given the current stage of development CA is at right now, it might even be smart to have a waitlist for access and issue tokens manually.