Organization and Repository level access token

[folliehiyuki]

Feature Description

It would be nice to have a more limited access token than user access token.

• A Repository-level access token should only be able to read/write its repository, call /repos/ API endpoints and configure repository webhooks.

• An Organization-level access token should be able to authenticate to /orgs/ endpoints and do the same things as Repository-level access token for all the repositories inside it.

I'm a long time GitLab user, so this is just my way of wanting its feature in Gitea. Also, Repository and Organization access token should also have configurable scopes at creation time.

Ref: https://docs.gitlab.com/ee/security/token_overview.html

Screenshots

No response

[folliehiyuki]

I just discovered that someone already asked the same question in https://discourse.gitea.io/t/are-there-organisation-access-tokens/7082.

[KagurazakaNyaa]

It seems to be the solution of #26746. A workaround based on service account is provided in #26754.

[camlafit]

Hello

Looks interesting. At repository level we have yet keys application to allow external acces with ssh key. In other case, we need an http access and token use. If it's possible to manage application access with ssh or token could be very nice.

Thanks a lot

[lunny]

I think an organization-level access token could be the first target because it's similar to a user-level one.

[zapling]

This would make it way more secure when using ArgoCD in a kuberentes setup. This way we could give a more fine grained access based on the orgs.

[jeromecossette-qc]

Any development on that ? It would be really useful