PyPIToken: Manipulate PyPI API tokens
=====================================
.. image:: https://img.shields.io/pypi/v/pypitoken?logo=pypi&logoColor=white
:target: https://pypi.org/pypi/pypitoken
:alt: Deployed to PyPI
.. image:: https://img.shields.io/pypi/pyversions/pypitoken?logo=pypi&logoColor=white
:target: https://pypi.org/pypi/pypitoken
:alt: Deployed to PyPI
.. image:: https://img.shields.io/github/stars/ewjoachim/pypitoken?logo=github
:target: https://github.com/ewjoachim/pypitoken/
:alt: GitHub Repository
.. image:: https://img.shields.io/github/actions/workflow/status/ewjoachim/pypitoken/ci.yml?logo=github
:target: https://github.com/ewjoachim/pypitoken/actions?workflow=CI
:alt: Continuous Integration
.. image:: https://img.shields.io/readthedocs/pypitoken?logo=read-the-docs&logoColor=white
:target: http://pypitoken.readthedocs.io/en/latest/?badge=latest
:alt: Documentation
.. image:: https://img.shields.io/endpoint?logo=codecov&logoColor=white&url=https://raw.githubusercontent.com/wiki/ewjoachim/pypitoken/coverage-comment-badge.json
:target: https://github.com/marketplace/actions/coverage-comment
:alt: Coverage
.. image:: https://img.shields.io/github/license/ewjoachim/pypitoken?logo=open-source-initiative&logoColor=white
:target: https://github.com/ewjoachim/pypitoken/blob/main/LICENSE
:alt: MIT License
.. image:: https://img.shields.io/badge/Contributor%20Covenant-v1.4%20adopted-ff69b4.svg
:target: https://github.com/ewjoachim/pypitoken/blob/main/CODE_OF_CONDUCT.md
:alt: Contributor Covenant
PyPIToken is an open-source Python 3.8+ library for generating and manipulating
PyPI tokens.
PyPI tokens are very powerful, as that they are based on Macaroons_. They allow
the bearer to add additional restrictions to an existing token. For example, given
a PyPI token that can upload releases for any project of its owner, you can generate
a token that will only allow some projects, or even a single one.
.. _macaroons: https://en.wikipedia.org/wiki/Macaroons_(computer_science)
Here's an example:
.. code-block:: console
$ pip install pypitoken
.. code-block:: python
import pypitoken
token = pypitoken.Token.load("pypi-foobartoken")
print(token.restrictions)
# [ProjectIDsRestriction(project_ids=["00000000-0000-0000-0000-000000000000"])]
token.restrict(project_names=["requests"])
print(token.restrictions)
# [
# ProjectIDsRestriction(project_ids=["00000000-0000-0000-0000-000000000000"]),
# ProjectNamesRestriction(project_names=["requests"]),
# ]
token.dump()
# pypi-newfoobartoken
This token we've created above will be restricted to uploading releases of ``requests``.
Of course, your PyPI user will still need to have upload permissions on ``requests``
for this to happen.
The aim of this library is to provide a simple toolbelt for manipulating PyPI tokens.
Ideally, someday, PyPI (Warehouse_) itself may generate their tokens using this
library too. This should make it easier to iterate on new kinds of restrictions for
PyPI tokens, such as those discussed in the `original implementation issue`__.
.. _Warehouse: https://github.com/pypa/warehouse/
.. __: https://github.com/pypa/warehouse/issues/994
A discussion for integrating this library to the Warehouse environment is ongoing:
- In the `Python Packaging discussions`_ for putting the project under the PyPA umbrella
- In the `Warehouse tracker`_ for replacing the current macaroon implementation with
this lib
.. _`Python Packaging discussions`: https://discuss.python.org/t/pypitoken-a-library-for-generating-and-manipulating-pypi-tokens/7572
.. _`Warehouse tracker`: https://github.com/pypa/warehouse/issues/9184
.. Below this line is content specific to the README that will not appear in the doc.
.. end-of-index-doc
Where to go from here
---------------------
The complete docs_ is probably the best place to learn about the project.
If you encounter a bug, or want to get in touch, you're always welcome to open a
ticket_.
.. _docs: http://pypitoken.readthedocs.io/en/latest
.. _ticket: https://github.com/ewjoachim/pypitoken/issues/new
Raw data
{
"_id": null,
"home_page": "https://pypitoken.readthedocs.io/en/latest/",
"name": "pypitoken",
"maintainer": "",
"docs_url": null,
"requires_python": ">=3.8,<4.0",
"maintainer_email": "",
"keywords": "pypi,api,token,security,packaging",
"author": "Joachim Jablon",
"author_email": "ewjoachim@gmail.com",
"download_url": "https://files.pythonhosted.org/packages/df/54/0fa3df5aeee2963b68b8a04b3fcbade5e96f9e00bc438f52f051fac0009c/pypitoken-7.0.1.tar.gz",
"platform": null,
"description": "PyPIToken: Manipulate PyPI API tokens\n=====================================\n\n.. image:: https://img.shields.io/pypi/v/pypitoken?logo=pypi&logoColor=white\n :target: https://pypi.org/pypi/pypitoken\n :alt: Deployed to PyPI\n\n.. image:: https://img.shields.io/pypi/pyversions/pypitoken?logo=pypi&logoColor=white\n :target: https://pypi.org/pypi/pypitoken\n :alt: Deployed to PyPI\n\n.. image:: https://img.shields.io/github/stars/ewjoachim/pypitoken?logo=github\n :target: https://github.com/ewjoachim/pypitoken/\n :alt: GitHub Repository\n\n.. image:: https://img.shields.io/github/actions/workflow/status/ewjoachim/pypitoken/ci.yml?logo=github\n :target: https://github.com/ewjoachim/pypitoken/actions?workflow=CI\n :alt: Continuous Integration\n\n.. image:: https://img.shields.io/readthedocs/pypitoken?logo=read-the-docs&logoColor=white\n :target: http://pypitoken.readthedocs.io/en/latest/?badge=latest\n :alt: Documentation\n\n.. image:: https://img.shields.io/endpoint?logo=codecov&logoColor=white&url=https://raw.githubusercontent.com/wiki/ewjoachim/pypitoken/coverage-comment-badge.json\n :target: https://github.com/marketplace/actions/coverage-comment\n :alt: Coverage\n\n.. image:: https://img.shields.io/github/license/ewjoachim/pypitoken?logo=open-source-initiative&logoColor=white\n :target: https://github.com/ewjoachim/pypitoken/blob/main/LICENSE\n :alt: MIT License\n\n.. image:: https://img.shields.io/badge/Contributor%20Covenant-v1.4%20adopted-ff69b4.svg\n :target: https://github.com/ewjoachim/pypitoken/blob/main/CODE_OF_CONDUCT.md\n :alt: Contributor Covenant\n\n\nPyPIToken is an open-source Python 3.8+ library for generating and manipulating\nPyPI tokens.\n\nPyPI tokens are very powerful, as that they are based on Macaroons_. They allow\nthe bearer to add additional restrictions to an existing token. For example, given\na PyPI token that can upload releases for any project of its owner, you can generate\na token that will only allow some projects, or even a single one.\n\n.. _macaroons: https://en.wikipedia.org/wiki/Macaroons_(computer_science)\n\nHere's an example:\n\n.. code-block:: console\n\n $ pip install pypitoken\n\n.. code-block:: python\n\n import pypitoken\n\n token = pypitoken.Token.load(\"pypi-foobartoken\")\n\n print(token.restrictions)\n # [ProjectIDsRestriction(project_ids=[\"00000000-0000-0000-0000-000000000000\"])]\n\n token.restrict(project_names=[\"requests\"])\n\n print(token.restrictions)\n # [\n # ProjectIDsRestriction(project_ids=[\"00000000-0000-0000-0000-000000000000\"]),\n # ProjectNamesRestriction(project_names=[\"requests\"]),\n # ]\n\n token.dump()\n # pypi-newfoobartoken\n\nThis token we've created above will be restricted to uploading releases of ``requests``.\nOf course, your PyPI user will still need to have upload permissions on ``requests``\nfor this to happen.\n\nThe aim of this library is to provide a simple toolbelt for manipulating PyPI tokens.\nIdeally, someday, PyPI (Warehouse_) itself may generate their tokens using this\nlibrary too. This should make it easier to iterate on new kinds of restrictions for\nPyPI tokens, such as those discussed in the `original implementation issue`__.\n\n.. _Warehouse: https://github.com/pypa/warehouse/\n.. __: https://github.com/pypa/warehouse/issues/994\n\nA discussion for integrating this library to the Warehouse environment is ongoing:\n\n- In the `Python Packaging discussions`_ for putting the project under the PyPA umbrella\n- In the `Warehouse tracker`_ for replacing the current macaroon implementation with\n this lib\n\n.. _`Python Packaging discussions`: https://discuss.python.org/t/pypitoken-a-library-for-generating-and-manipulating-pypi-tokens/7572\n.. _`Warehouse tracker`: https://github.com/pypa/warehouse/issues/9184\n\n.. Below this line is content specific to the README that will not appear in the doc.\n.. end-of-index-doc\n\nWhere to go from here\n---------------------\n\nThe complete docs_ is probably the best place to learn about the project.\n\nIf you encounter a bug, or want to get in touch, you're always welcome to open a\nticket_.\n\n.. _docs: http://pypitoken.readthedocs.io/en/latest\n.. _ticket: https://github.com/ewjoachim/pypitoken/issues/new\n",
"bugtrack_url": null,
"license": "MIT",
"summary": "Manipulate PyPI API tokens",
"version": "7.0.1",
"project_urls": {
"Documentation": "https://pypitoken.readthedocs.io/en/latest/",
"Homepage": "https://pypitoken.readthedocs.io/en/latest/",
"Repository": "https://github.com/ewjoachim/pypitoken"
},
"split_keywords": [
"pypi",
"api",
"token",
"security",
"packaging"
],
"urls": [
{
"comment_text": "",
"digests": {
"blake2b_256": "1634fc74ef1dd5b5e87681d7641d3c28911523ca99d164cf93343c6df27d7204",
"md5": "40bf13b1feee2f5c5f93b28db0838d24",
"sha256": "f2966cc4c6f2ef9edeaa3a3e49febf748ff561c7acbdba911845998b2a6c8e16"
},
"downloads": -1,
"filename": "pypitoken-7.0.1-py3-none-any.whl",
"has_sig": false,
"md5_digest": "40bf13b1feee2f5c5f93b28db0838d24",
"packagetype": "bdist_wheel",
"python_version": "py3",
"requires_python": ">=3.8,<4.0",
"size": 12715,
"upload_time": "2023-11-03T10:48:44",
"upload_time_iso_8601": "2023-11-03T10:48:44.607765Z",
"url": "https://files.pythonhosted.org/packages/16/34/fc74ef1dd5b5e87681d7641d3c28911523ca99d164cf93343c6df27d7204/pypitoken-7.0.1-py3-none-any.whl",
"yanked": false,
"yanked_reason": null
},
{
"comment_text": "",
"digests": {
"blake2b_256": "df540fa3df5aeee2963b68b8a04b3fcbade5e96f9e00bc438f52f051fac0009c",
"md5": "383b951b4398ddba508cf4059e711093",
"sha256": "dd90c8c1abb792b1de7f8380dccbaea238a1bd80e2231be8f5c527ed5ae510a2"
},
"downloads": -1,
"filename": "pypitoken-7.0.1.tar.gz",
"has_sig": false,
"md5_digest": "383b951b4398ddba508cf4059e711093",
"packagetype": "sdist",
"python_version": "source",
"requires_python": ">=3.8,<4.0",
"size": 12471,
"upload_time": "2023-11-03T10:48:46",
"upload_time_iso_8601": "2023-11-03T10:48:46.114144Z",
"url": "https://files.pythonhosted.org/packages/df/54/0fa3df5aeee2963b68b8a04b3fcbade5e96f9e00bc438f52f051fac0009c/pypitoken-7.0.1.tar.gz",
"yanked": false,
"yanked_reason": null
}
],
"upload_time": "2023-11-03 10:48:46",
"github": true,
"gitlab": false,
"bitbucket": false,
"codeberg": false,
"github_user": "ewjoachim",
"github_project": "pypitoken",
"travis_ci": false,
"coveralls": false,
"github_actions": true,
"lcname": "pypitoken"
}
JSON
