Are app tokens a production ready product feature nowadays?

Partly. Enabling external services to use the graph api requires a token that does not need human interaction. @tbsbdr @dragotin how do we continue with this? @wkloucek is there a way to mark a feature as experimental?

And if so, what's the reasoning behind this:

For security reasons, bearer tokens can only be generated by the admin on the CLI, token generation via the web api is not enabled.

Why would we do a hardcoded change of the oCIS product default in AUTH_APP_SKIP_USER_GROUPS_IN_TOKEN ?

I'll revert that

Why does this service need another PVC? Even if it was to store data, shouldn't it use either the micro store interface or the storage-system storage!?

🤔 hm, good point. The only implementation currently writes to disk. I'll look into a store backed implementation.

@wkloucek is there a way to mark a feature as experimental?

No, the oCIS chart is intended for production installations only. (with a few exceptions like IDP, IDM, NATS service. Therefore we issue scary warnings in https://github.com/owncloud/ocis-charts/blob/main/charts/ocis/templates/NOTES.txt if you use the builtin ones.)

But in general I'd like to keep out experimental stuff, since the main branch goes straight to production because of the lack of releases of the oCIS chart...

NOTE: we recently even removed the basic auth service because it is obviously not production ready.

From owncloud/ocis#10292 I understood that it's not yet production ready!?

Therefore setting to draft state.