Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tracking Issue: Token Scopes #5443

Closed
7 tasks done
Turbo87 opened this issue Nov 8, 2022 · 2 comments · Fixed by #6573
Closed
7 tasks done

Tracking Issue: Token Scopes #5443

Turbo87 opened this issue Nov 8, 2022 · 2 comments · Fixed by #6573
Labels
C-enhancement ✨ Category: Adding new behavior or a change to the way an existing feature works C-tracking-issue Category: A tracking issue for an RFC, an unstable feature, or an issue made of many parts

Comments

@Turbo87
Copy link
Member

Turbo87 commented Nov 8, 2022
edited
Loading

This is a tracking issue for the RFC "crates.io Token Scopes" (rust-lang/rfcs#2947).

Steps:

Backend:

Frontend:

The exact details of these steps are still tbd. Feel free to discuss here or contact the @rust-lang/crates-io team if you have any questions. It might be best to discuss the plans first before working on and opening a PR 😉

Unresolved questions:

  • Are there more scopes that would be useful to implement from the start?
  • Is the current behavior of crate scopes on endpoints that don't interact with
    crates the best, or should a token with crate scopes prevent access to
    endpoints that don't act on crates?
@Turbo87 Turbo87 added C-enhancement ✨ Category: Adding new behavior or a change to the way an existing feature works C-tracking-issue Category: A tracking issue for an RFC, an unstable feature, or an issue made of many parts labels Nov 8, 2022
@Turbo87 Turbo87 mentioned this issue Nov 8, 2022
Merged
@Turbo87 Turbo87 moved this to For next meeting in crates.io team meetings Nov 8, 2022
@Turbo87 Turbo87 mentioned this issue Nov 13, 2022
Closed
This was referenced Nov 23, 2022
Closed
Merged
This was referenced Dec 1, 2022
Merged
Merged
This was referenced Dec 1, 2022
Merged
Merged
@gluxon gluxon mentioned this issue Jan 14, 2023
Open
This was referenced Apr 12, 2023
Merged
Merged
Merged
This was referenced May 5, 2023
Merged
Merged
@Turbo87 Turbo87 mentioned this issue Jun 5, 2023
Merged
@mbhall88
Copy link

Was there a reason for limiting the patterns allowed for token scope to, for example, serde*? What I mean is the wildcard is a suffix here, but *serde is not allowed - i.e., a wildcard prefix.

My use case is I have a workspace with binary foo and a library libfoo. I'd like to be able to create a crates API token scoped to *foo but his is not possible with the current scoping patterns.

(Apologies if this is not the right place to ask this question)

@Turbo87
Copy link
Member Author

Turbo87 commented Nov 25, 2024

@mbhall88 mostly for implementation simplicity. you can add multiple scopes to one token though, so this should still be relatively easy to achieve.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
C-enhancement ✨ Category: Adding new behavior or a change to the way an existing feature works C-tracking-issue Category: A tracking issue for an RFC, an unstable feature, or an issue made of many parts
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Stabilize token scopes Turbo87/crates.io
2 participants
@Turbo87 @mbhall88