Can I use the logged-in user's token instead of a robot token in a Sanity plugin?

2 replies
Last updated: Nov 29, 2025
Hi, simple question 💡 Inside a Sanity Studio plugin, can you get the current logged-in user's Authentication token directly, or do you need a robot Read/Write token to fetch data from the Studio?
I have a plugin which gets content from the studio, and it works with a robot R/W token, but I’d like to not have a robot token for this action, and instead use the signed-in User token.
AI Update

Great question! Yes, you can absolutely use the current logged-in user's authentication token instead of a robot token when building a Sanity Studio plugin.

When you use the useClient hook inside a Studio plugin, it returns a configured Sanity Client that automatically uses the current user's authentication token. You don't need to manually pass any tokens or credentials - the Studio handles this for you behind the scenes.

Here's how to use it in your plugin:

```javascript
import { useClient } from 'sanity'

function MyPlugin() {
  // This client is authenticated with the current user's token
  const client = useClient({ apiVersion: '2023-05-24' })

  // Now you can fetch data using the logged-in user's permissions
  const fetchData = async () => {
    const data = await client.fetch('*[_type == "myType"]')
    return data
  }

  // ... rest of your component
}
```

The key benefit here is that the client respects the current user's permissions. If the user has read access to the dataset, the queries will work. You don't need a separate robot token for this use case.

Important note: Since useClient is a React hook, you can only call it inside React function components or custom hooks - it follows React's rules of hooks. If you need to use the client outside of a React component context, you'd need to pass it down as a prop or use a different approach.

This approach is much cleaner and more secure than using a robot token, as it ensures users can only access data according to their assigned permissions in your Sanity project. The authenticated requests work seamlessly within the Studio environment, making it the preferred method for Studio plugins that need to fetch content.
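An added example, not part of the original answer or Sanity's own code: a plain helper that receives the client obtained from useClient as an argument, so the query runs with the signed-in user's identity even outside a React component. The names buildTypeQuery, fetchDocsOfType and stubClient are hypothetical, and reading the HTTP status from err.statusCode is an assumption about the client's error object.

```javascript
// Added example: helper for use with the client returned by useClient().
// The client is passed in, so no token is ever stored in the plugin code.

// The document type travels as a GROQ parameter ($type) and is never
// concatenated into the query string.
function buildTypeQuery(type) {
  if (typeof type !== 'string' || type.length === 0) {
    throw new TypeError('type must be a non-empty string')
  }
  return { query: '*[_type == $type]', params: { type } }
}

// Runs the query with whatever identity the client carries (the signed-in
// user when the client comes from useClient). A 401/403 is returned as a
// "not-permitted" result instead of retrying with a shared robot token.
async function fetchDocsOfType(client, type) {
  const { query, params } = buildTypeQuery(type)
  try {
    const docs = await client.fetch(query, params)
    return { ok: true, docs }
  } catch (err) {
    // Assumption: the client error exposes the HTTP status as err.statusCode.
    if (err && (err.statusCode === 401 || err.statusCode === 403)) {
      return { ok: false, reason: 'not-permitted', docs: [] }
    }
    throw err // network and query errors are not masked
  }
}

// Constructed stand-in for the Studio client, so the helper runs offline.
function stubClient(result) {
  return {
    calls: [],
    async fetch(query, params) {
      this.calls.push({ query, params })
      if (result instanceof Error) throw result
      return result
    },
  }
}
```

Inside a component, the call would be fetchDocsOfType(client, 'myType') with the client taken from useClient.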
