I am looking for the best possible solution for the following situation:
We are creating a custom Web-Service for students, with a curated list of core moodle WS functions
and additional external Plugin functions we use. Now we are not quite sure how to handle the token generation for users.
Using the "moodle/webservice:createtoken" capability, students would find their security keys under Preferences.
This would be fine, if not for the issues that:
a) generation from that page does not seem to set the token expiry date properly (which we would like)
b) Tokens for all Web Services are generated (we would like to limit it to only the specific Student-WS)
There is the endpoint "/admin/tool/mobile/launch.php?service=SERVICE_SHORTNAME&passport=ANY" that returns a token for the respective WS. And for the official Moodle Mobile API WS this does not require the createtoken capability. This would be perfect.
Alas, it does require the "moodle/webservice:createtoken"-capability for other Web Services. And then it would have the same Downsides as Solution A.
At this stage the only idea we have to proceed would be to copy the code from "/admin/tool/mobile/launch.php" into a new plugin, and adjust it to fit our needs. This of course has the downside of duplicating the code and having a mostly unnecessary additional page to maintain.
In Conclusion we are looking for:
having some Endpoint or Page for Students to create WebService tokens with an expiry date for the custom Student-WS only.
What would be the best way to achieve this? Are there alternatives I did not mention? Do you think Solution C is viable?
Thank you in advance!