Skip to content

Support Access Tokens as Authentication Mechanism #482

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
sigmavirus24 opened this issue Jul 27, 2019 · 8 comments
Closed

Support Access Tokens as Authentication Mechanism #482

sigmavirus24 opened this issue Jul 27, 2019 · 8 comments
Labels
enhancement security Issue that is related to security features of twine or PyPI

Comments

@sigmavirus24
Copy link
Member

PyPI now supports scoped access tokens, we should grow support for this as appropriate: https://discuss.python.org/t/pypi-security-work-multifactor-auth-progress-help-needed/1042/31
@sigmavirus24 sigmavirus24 added enhancement security Issue that is related to security features of twine or PyPI labels Jul 27, 2019
@di
Copy link
Member

di commented Jul 27, 2019
edited
Loading

@sigmavirus24 This should "just work" without any changes to twine by using __token__ as the username and the token as the password. What additional support do you think twine needs here?

@sigmavirus24
Copy link
Member Author

Ah, I hadn't gotten around to reading the link. I see that it should continue working. I was thinking we might need to add support for retrieving the token on behalf of users.

@jaraco jaraco mentioned this issue Aug 13, 2019
Closed
@almarklein
Copy link

almarklein commented Jan 14, 2020
edited
Loading

by using @token as the username and the token as the password

Is this documented somewhere? The only thing I could find is this issue :D

@almarklein
Copy link

almarklein commented Jan 14, 2020
edited
Loading

On https://pypi.org/manage/account/token/ it says the username is supposed to be __token__ btw.

@di
Copy link
Member

di commented Jan 14, 2020

@almarklein Yep, we changed it not long after the launch -- I'll edit that comment.

@di
Copy link
Member

di commented Jan 14, 2020

This is also documented here: https://pypi.org/help/#apitoken

@sorenwacker
Copy link

It doesn't seem to work though.

@di
Copy link
Member

di commented Feb 12, 2020

@soerendip Please file a new issue w/ all details and we'll try to help.

@bulkan bulkan mentioned this issue Feb 18, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement security Issue that is related to security features of twine or PyPI
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@sigmavirus24 @di @almarklein @sorenwacker