Update Macaroon claims/constraints for OIDC token minting #10792

woodruffw · 2022-02-18T22:00:04Z

We're going to want to mint short-lived Warehouse API tokens (which are Macaroons) based on incoming OIDC JWTs.

As part of the "short-lived" part, we'll need need to make sure the tokens support some kind of expiration claim.

woodruffw · 2022-02-18T22:23:07Z

As part of this we'll probably want to revive some of the work in #6935, namely adding a TopLevelCaveat that dispatches to V1Caveat or V2Caveat depending on the version. V2Caveat can then be the main caveat format we use here.

woodruffw · 2022-03-07T18:06:01Z

I'm going to get started on this while #10753 is pending review.

woodruffw · 2022-04-16T17:58:55Z

#11122 addresses this.

di added APIs/feeds tokens Issues relating to API tokens labels Feb 18, 2022

woodruffw mentioned this issue Mar 7, 2022

warehouse, tests: v2 caveats #10888

Closed

woodruffw mentioned this issue Mar 17, 2022

Routes and endpoints for JWT consumption #10970

Closed

woodruffw mentioned this issue Apr 5, 2022

Add ExpiryCaveat #11122

Merged

woodruffw closed this as completed Apr 16, 2022

woodruffw mentioned this issue Oct 31, 2022

[META] OIDC federation roadmap for Warehouse #12465

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update Macaroon claims/constraints for OIDC token minting #10792

Update Macaroon claims/constraints for OIDC token minting #10792

woodruffw commented Feb 18, 2022

woodruffw commented Feb 18, 2022

woodruffw commented Mar 7, 2022

woodruffw commented Apr 16, 2022

Update Macaroon claims/constraints for OIDC token minting #10792

Update Macaroon claims/constraints for OIDC token minting #10792

Comments

woodruffw commented Feb 18, 2022

woodruffw commented Feb 18, 2022

woodruffw commented Mar 7, 2022

woodruffw commented Apr 16, 2022