Skip to content

Force user to explicitly select token scope, show warning if user scopes to account #6271

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
nlhkabu wants to merge 1 commit into from
Closed

Force user to explicitly select token scope, show warning if user scopes to account #6271

nlhkabu wants to merge 1 commit into from

Conversation

@nlhkabu
Copy link
Contributor

@nlhkabu nlhkabu commented Jul 26, 2019

Closes #6266

Screenshot from 2019-07-26 07-49-19

@woodruffw would you be able to write a small snippet of JS that toggles the visibility of the warning, depending on whether or not "Entire account (all projects)" is selected above?

@nlhkabu
Copy link
Contributor Author

nlhkabu commented Jul 26, 2019

@woodruffw what do you think of the copy here?

"have the same power as your account password" isn't technically true, as it will only work for package uploads...

@nlhkabu
Copy link
Contributor Author

nlhkabu commented Jul 26, 2019

In addition to the warning, we could force users to explicitly select their scope, e.g.

Screenshot from 2019-07-26 08-22-58

@woodruffw
Copy link
Member

woodruffw commented Jul 26, 2019

"have the same power as your account password" isn't technically true, as it will only work for package uploads...

Yeah, that's true. How about "will be able to modify all of your projects"?

In addition to the warning, we could force users to explicitly select their scope, e.g.

Great idea! I totally forgot this was possible 😅

@woodruffw
Copy link
Member

woodruffw commented Jul 26, 2019

I'll take a look at adding the JS snippet.

@woodruffw woodruffw mentioned this pull request Jul 26, 2019
Merged
@woodruffw
Copy link
Member

woodruffw commented Jul 26, 2019

Closing in favor of #6274.

@woodruffw woodruffw closed this Jul 26, 2019
@nlhkabu nlhkabu deleted the warn-users-for-whole-account-api-keys branch July 27, 2019 09:49
@nlhkabu nlhkabu changed the title Show warning when user scopes API key to account Force user to explicitly select token scope, show warning if user scopes to account Jul 27, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

API token default scope: user or project?

3 participants

@nlhkabu @woodruffw