We generate those tokens with a prefix, so that we
can decide by looking at a token, whether it's an API Token
or a different kind of token, so that we can decide which
code path to choose for validating the token.
The usage of access tokens as Bearer token has the usability advantage,
that you can paste them as plaintext into tools that expect you
to specify the token as a header.
Also the Basic auth approach for our old tokens usually rather caused
issues, such as browsers prompting for credentials in surprising situations.
If we were to deprecate basic authentication one day, this change today could've
been the first step towards that.
Uses FactoryBot to keep and maintain specific records in a special transaction that does not get removed after each spec.
They automatically are created whenever first hitting them.
This makes an excellent time saver for items that are commonly used, such as an admin user account
Jan Sandbrink