I think it is better to implement ProjectToken as a seperate resource instead of including it in Project.

Hey @MisterMX, is there any reason you think it's a better implementation to have a ProjectToken resource?

I had thought about it but didn't like:

• Inability to reference a Role because it's defined within the spec of the Project
• Lead to a breaking change on the Project resources, as the status holds JWTTokensByRole, which will be transferred to ProjectToken
• Tightly coupled with the Project API, the client needs to GET Project to be aware of the status of tokens which will lead to code duplication

I would consider a token its own entity with its own lifecycle. It should be possible to create tokens independently from the project. I would therefor see it as a separate resource.

Can you explain why a breaking change in the project status is necessary?

@MisterMX Indeed, it is not necessary to break if we choose not to. Tokens are part of a project. Could you explain the benefit of having a dedicated lifecycle?

I would argue project tokens do have a separate lifecycle as they can be created and destroyed independently of the project (though they are deleted with the project as well). There might also be the case where the tokens are created separately of the project, i.e. through a separate composition.

All in all I think it makes sense to have a separate resource to have more flexibility at this point.