Improvement
Resolution: Unresolved
Minor
None
Future Dev
It is possible to request a token for API operations using the `login/token.php` endpoint.
However, this endpoint works only with username/password. Some applications might want to allow users to sign in via SSO or other methods and still be able to fetch a token.
Allowing an alternative way to create a token using the current session would allow applications to let users log in using their preferred login method, while not having to handle the username/password outside of a web view.
This change also doesn't seem difficult to implement. Regarding security, any undesired requests could be solved using the same strategy as in `login/index.php`, a logintoken that verifies that the user started the request. If this token was not found then the script would fall back to default behaviour (user/pass).
If this is something you would consider, I can work on an implementation. Simply let me know your thoughts on this.
Thank you
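A minimal model of the check proposed in this request, added here as an illustration; it is not Moodle code and not from the reporter. The in-memory stores, function names, error value and the single-use rotation of the logintoken are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets

SALT = b"constructed-salt"  # constructed sample value


def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)


# Constructed stand-ins for the server's session and user tables.
SESSIONS = {}                              # session id -> {"user", "logintoken"}
USERS = {"alice": _hash("correct horse")}  # constructed sample account


def start_session(user):
    """After any successful web login (SSO included), bind a fresh logintoken to the session."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "logintoken": secrets.token_urlsafe(32)}
    return sid, SESSIONS[sid]["logintoken"]


def _issue(user):
    return {"user": user, "token": secrets.token_hex(16)}


def token_endpoint(cookie_sid=None, logintoken=None, username=None, password=None):
    """Hypothetical token endpoint: session path first, then username/password."""
    session = SESSIONS.get(cookie_sid) if cookie_sid else None
    # Session path: the cookie alone is not enough, because a browser attaches it
    # to cross-site requests too. The request must also carry the logintoken that
    # was handed to the page the user actually loaded.
    if session and logintoken and hmac.compare_digest(
            logintoken.encode(), session["logintoken"].encode()):
        # Assumption of this sketch: the logintoken is single use, so rotate it.
        session["logintoken"] = secrets.token_urlsafe(32)
        return _issue(session["user"])
    # Fallback: default behaviour (username/password), compared in constant time.
    if username is not None and password is not None:
        if hmac.compare_digest(_hash(password), USERS.get(username, b"")):
            return _issue(username)
    return {"error": "invalidlogin"}
```

A request that carries only the session cookie, a wrong logintoken, or a logintoken from another session gets no token unless it also supplies valid credentials.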