Roundup Tracker - Issues

Message7396

Author rouilj
Recipients rouilj
Date 2021-12-05.16:10:54
Message-id <1638720654.73.0.668245999909.issue2551177@roundup.psfhosted.org>
In-reply-to
Basic JWT (JSON Web Tokens) support was added as part of the 2.0.0
release. Directions for it can be discussed on issue 2551064.

One issue with JWT is that a user can't use a JWT to derive a more restricted
token (say allow read only access to an issue for the next 24 hours from a specific
IP address range).

Investigate the ability to use https://github.com/ecordell/pymacaroons
to allow users to derive tokens with more limited permissions/scopes
and the changes needed to support adding user specified restrictions.

PyPI uses macaroons (so we have some support for them) and there is a tool for
modifying a PyPI macaroon:

  https://github.com/ewjoachim/pypitoken

announced:

  https://discuss.python.org/t/pypitoken-a-library-for-generating-and-manipulating-pypi-tokens/7572

History
Date                 User    Action  Args
2021-12-05 16:10:54  rouilj  set     recipients: + rouilj
2021-12-05 16:10:54  rouilj  set     messageid: <1638720654.73.0.668245999909.issue2551177@roundup.psfhosted.org>
2021-12-05 16:10:54  rouilj  link    issue2551177 messages
2021-12-05 16:10:54  rouilj  create
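
Added example, not part of the original message and not Roundup or pymacaroons code: a stdlib-only sketch of the HMAC chaining that macaroons are built on, showing how a token holder can derive the restricted token described above (read only, one issue, 24 hours, one IP range) without knowing the server's key. The caveat names (action, issue, expires, ip_net), the context dictionary and the token layout are assumptions made for illustration; only first-party caveats are covered.

```python
import hashlib
import hmac
import ipaddress

def _chain(sig: bytes, data: str) -> bytes:
    # Each step keys HMAC-SHA256 with the previous signature.
    return hmac.new(sig, data.encode(), hashlib.sha256).digest()

def mint(root_key: bytes, identifier: str) -> dict:
    """Server side: issue an unrestricted token bound to root_key."""
    return {"id": identifier, "caveats": [], "sig": _chain(root_key, identifier)}

def attenuate(token: dict, caveat: str) -> dict:
    """Holder side: add a restriction using only the token, never root_key."""
    return {"id": token["id"], "caveats": token["caveats"] + [caveat],
            "sig": _chain(token["sig"], caveat)}

def _caveat_ok(caveat: str, ctx: dict) -> bool:
    key, _, value = caveat.partition(" = ")
    try:
        if key == "action":
            return ctx["action"] == value
        if key == "issue":
            return ctx["issue"] == value
        if key == "expires":
            return ctx["now"] < float(value)
        if key == "ip_net":
            return ipaddress.ip_address(ctx["ip"]) in ipaddress.ip_network(value)
    except ValueError:
        return False  # malformed caveat value: fail closed
    return False      # unknown caveat type: fail closed

def verify(root_key: bytes, token: dict, ctx: dict) -> bool:
    """Server side: recompute the chain, then require every caveat to hold."""
    sig = _chain(root_key, token["id"])
    for caveat in token["caveats"]:
        sig = _chain(sig, caveat)
    return hmac.compare_digest(sig, token["sig"]) and all(
        _caveat_ok(c, ctx) for c in token["caveats"])

def restrict_read_only(token: dict, issue: str, now: float) -> dict:
    """The restriction from the message: read one issue, 24 h, one IP range."""
    for caveat in ("action = read", f"issue = {issue}",
                   f"expires = {now + 86400}", "ip_net = 192.0.2.0/24"):
        token = attenuate(token, caveat)
    return token
```

Because each signature is keyed by the previous one, caveats can be appended but not removed: dropping a caveat while keeping the final signature makes the recomputed chain mismatch.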