Warehouse: API token default scope: user or project?
Followup to #994:
@brettcannon asks:
@ewdurbin said: By default, newly created tokens will have “user” scope, meaning that they’ll behave exactly like your password.
Are there plans to change this default so that using such a strong token is not the default so that people have to opt into it? (I’m no security expert so this is more inquisitive.)
As far as I know there are no such plans but I'd like @woodruffw and @nlhkabu to weigh in.
brainwane
All 2 comments
An idea: We could add some additional UI on creation of a user-scoped token, warning the user that their new token will have access to all of their projects. This would allow us to retain it as a default (which I think is sensible, at least insofar as it doesn't make sense to choose a random project from the user's list as a default) while also making the security properties clear.
woodruffw
on 26 Jul 2019
As per #6274, we are going to address this by:
- Forcing users to explicitly select the token scope
- Showing a "warning" message if "entire account" scope is selected
nlhkabu
on 27 Jul 2019
Related issues
dstufft
·
3Comments
toddrme2178
·
3Comments
nlhkabu
·
4Comments
Lawouach
·
3Comments
ewjoachim
·
3Comments
Most helpful comment
An idea: We could add some additional UI on creation of a user-scoped token, warning the user that their new token will have access to all of their projects. This would allow us to retain it as a default (which I think is sensible, at least insofar as it doesn't make sense to choose a random project from the user's list as a default) while also making the security properties clear.