psf / fundable-packaging-improvements

Packaging improvements that could be funded

pip support for modern authentication methods #49

Open vadave opened 2 years ago

vadave commented 2 years ago

One possible area for funding that seems like it should be a no-brainer is adding support to pip for JSON Web Token (JWT) and x509 client certificate-based authentication. Many organizations use private package repositories, and the current limitation of basic-auth-based credentials is a bit of a downer.

This could have the added benefit of integrating nicely with CI systems like GitHub Actions and GitLab-CI, both of which generate JWTs for each job.

vadave commented 2 years ago

And to be clear - I was viewing this a bit differently than what's currently mentioned in the fundables page, as that's talking about what sounds like a major refactoring with possible integrations to different credential providers. I'd be happy keeping that functionality "outside" of pip, and simply exposing some mechanism where JWT/x509-type credentials can be configured for different hosts.

cofiem commented 9 months ago

Would this draft PEP address this issue? https://github.com/python/peps/pull/3172/files#diff-02ff357bfc90c25924796075c23d3704348f88e272c9ab37b30956bd3c8ad109