This looks as easy as grabbing the session from flask and then taking the user_id from that session and validating based on that user id.

I'm not sure why we aren't just using flask_login to authenticate these routes however, since it's already authenticating via session cookie anyways. Maybe flask_login doesn't handle login via the blender_id cookie?

If the goal is not to use session cookies, then the front end needs to be altered to use Bearer Tokens instead, and then the validate_token method needs to not check for session cookies at all... I think.

The create new manager and revoke existing token endpoints are easy to fix.

The problem I'm running into now is with editing a manager.
The interface uses the flamenco/manager patch method, which goes through Pillar's patch_handler, which uses authorization.require_login.

I feel like it would be too intrusive to edit the patch_manager, since that's a part of pillar itself.

I think the best solution for allowing a local user to edit a manager, would be to create an actual edit route, that does not use the patch_handler.
This would more closely mirror pillar's project edit workflow.

But I'm curious what you think @Francesco Siddi (fsiddi)

Hello Kael, unfortunately I'm very busy with other projects at the moment. I'll come back to this conversation later next week.

Hey @Francesco Siddi (fsiddi) , I ended up becoming busy myself with another project as well, but am freed up now and am looking into this again.

Would you have time to look at this, perhaps?

I'm going to have to re-acclimate myself to the project again, but once I do I'd like to go ahead and implement this if it sounds like the right direction to go.

Hi Kael - same here unfortunately. I'm definitely interested in looking into this, but it might take some time. I'll keep you posted!

no problem thanks!