Open nlhkabu opened 5 years ago
My thoughts on this:
I think it would be useful to have a place in the project management area where maintainers can view all active API tokens. We could potentially expose this information in the "collaborators" page by listing the API tokens associated with each user (in the table).
We should expose the creation of new user scoped tokens on the project security history, when that user is already associated with the project.
When a new user is added to a project (project:role:add), we should list any user scoped API tokens they have as additional data. Same for when a user is removed (project:role:delete). E.g.
@brainwane I've added this to the OTF security milestone, but I'm not sure if it's in scope. Please remove the milestone if not :)
@nlhkabu Let's discuss this in the bug triage & work prioritization meeting I'm scheduling (within the next few business days).
Yes, per our meeting last week, this is in the milestone, and Will says it shouldn't take too long.
Contractors on the OTF-funded work need to de-prioritize work on the security features in order to ensure we complete the accessibility and internationalization work by the end of the month. Therefore, while this is a great feature to have, and I understand Will might still complete it this month, I'm removing it from the milestone.
From https://github.com/pypa/warehouse/pull/6339#issuecomment-520879774
Further discussion here: https://github.com/pypa/warehouse/pull/6339#discussion_r314009955