Add project-scoped API tokens to limit the risks #7928
Comments
|
Hi! Thanks for the feedback. We have talked about this already and we started implementing this some some time ago (3 years now!?) but it was too complex and we were spending too much time on it, so we decided to start having a better API (now APIv3!) and add scoped based token as a feature in the future. Maybe we are in the future already? 😄 |
stsewd
added a commit
that referenced
this issue
May 3, 2023
- Ref readthedocs/meta#21 - Ref #7928 (not directly, but it opens the door for the future)
stsewd
added a commit
that referenced
this issue
Jun 13, 2023
- Ref readthedocs/meta#21 - Ref #7928 (not directly, but it opens the door for the future)
|
This work may be easier to do now that we have implemented scoped tokens for our build system in #10378 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Details
It seems that currently you can only create a per-user API token which has access to all the projects you have access to. I think it would make sense to have a way to limit the scope of a user token to the specific project or have per-project API tokens in addition to per-user API tokens. I'm guessing the former might be easier to achieve, but I'm putting both in this proposal so that the best option can be decided on.
Currently, the only way to achieve something like this would be to create a secondary account that only has access to one, specific project.
The text was updated successfully, but these errors were encountered: