Roundup Tracker - Issues

Issue 2551177

classification
Consider macaroon bearer auth token support using pymacaroons
Type: rfe Severity: normal
Components: Web interface Versions:
process
Status: new
:
: : rouilj
Priority: : Effort-Medium

Created on 2021-12-05 16:10 by rouilj, last changed 2022-10-17 02:12 by rouilj.

Messages
msg7396 Author: [hidden] (rouilj) Date: 2021-12-05 16:10
Basic JWT (json web tokens) support was added as part of the 2.0.0
release. Directions for it can be discussed on issue 2551064.

One issue with JWT is that a user can't use a jwt to derive a more restricted
token (say allow read only access to an issue for the next 24 hours from a specific
ip address range).

Investigate the ability to use  https://github.com/ecordell/pymacaroons
to allow users to derive tokens with more limited permissions/scopes
and the changes needed to support adding user specified restrictions.

Pypi uses macaroons (so we have some support for them) and there is a tool for
modifying a pypi macaroon:

  https://github.com/ewjoachim/pypitoken

announced:

  https://discuss.python.org/t/pypitoken-a-library-for-generating-and-manipulating-pypi-
tokens/7572
msg7650 Author: [hidden] (rouilj) Date: 2022-10-17 02:12
See also: https://fly.io/blog/api-tokens-a-tedious-survey/

and for server to server:

  https://web.archive.org/web/20200507173734/https://latacora.micro.blog/a-childs-garden/
History
Date User Action Args
2022-10-17 02:12:38rouiljsetmessages: + msg7650
2021-12-05 16:10:54rouiljcreate