Issue 2551177: Consider macaroon bearer auth token support using pymacaroons - Roundup tracker

classification

Title:	Consider macaroon bearer auth token support using pymacaroons
Type:	rfe	Severity:	normal
Components:	Web interface	Versions:

process

Status:	new	Resolution:
Dependencies		Superseder:
Assigned To:		Nosy List:	rouilj
Priority:		Keywords:	Effort-Medium

Created on 2021-12-05 16:10 by rouilj, last changed 2022-10-17 02:12 by rouilj.

Messages
msg7396	Author: [hidden] (rouilj)	Date: 2021-12-05 16:10
Basic JWT (json web tokens) support was added as part of the 2.0.0 release. Directions for it can be discussed on issue 2551064. One issue with JWT is that a user can't use a jwt to derive a more restricted token (say allow read only access to an issue for the next 24 hours from a specific ip address range). Investigate the ability to use https://github.com/ecordell/pymacaroons to allow users to derive tokens with more limited permissions/scopes and the changes needed to support adding user specified restrictions. Pypi uses macaroons (so we have some support for them) and there is a tool for modifying a pypi macaroon: https://github.com/ewjoachim/pypitoken announced: https://discuss.python.org/t/pypitoken-a-library-for-generating-and-manipulating-pypi- tokens/7572
msg7650	Author: [hidden] (rouilj)	Date: 2022-10-17 02:12
See also: https://fly.io/blog/api-tokens-a-tedious-survey/ and for server to server: https://web.archive.org/web/20200507173734/https://latacora.micro.blog/a-childs-garden/

History
Date	User	Action	Args
2022-10-17 02:12:38	rouilj	set	messages: + msg7650
2021-12-05 16:10:54	rouilj	create