Metadata-Version: 2.1
Name: pypitoken
Version: 6.0.0
Summary: Manipulate PyPI API tokens
Home-page: https://pypitoken.readthedocs.io/en/latest/
License: MIT
Keywords: pypi,api,token,security,packaging
Author: Joachim Jablon
Author-email: ewjoachim@gmail.com
Requires-Python: >=3.7,<4.0
Classifier: License :: OSI Approved :: MIT License
Classifier: Programming Language :: Python :: 3
Classifier: Programming Language :: Python :: 3.7
Classifier: Programming Language :: Python :: 3.8
Classifier: Programming Language :: Python :: 3.9
Classifier: Programming Language :: Python :: 3.10
Classifier: Programming Language :: Python :: 3.11
Classifier: Topic :: Security
Classifier: Topic :: System :: Archiving :: Packaging
Requires-Dist: jsonschema
Requires-Dist: pymacaroons (>=0.13.0,<0.14.0)
Requires-Dist: typing-extensions
Project-URL: Documentation, https://pypitoken.readthedocs.io/en/latest/
Project-URL: Repository, https://github.com/ewjoachim/pypitoken
Description-Content-Type: text/x-rst

PyPIToken: Manipulate PyPI API tokens
=====================================

.. image:: https://img.shields.io/pypi/v/pypitoken?logo=pypi&logoColor=white
    :target: https://pypi.org/pypi/pypitoken
    :alt: Deployed to PyPI

.. image:: https://img.shields.io/pypi/pyversions/pypitoken?logo=pypi&logoColor=white
    :target: https://pypi.org/pypi/pypitoken
    :alt: Deployed to PyPI

.. image:: https://img.shields.io/github/stars/ewjoachim/pypitoken?logo=github
    :target: https://github.com/ewjoachim/pypitoken/
    :alt: GitHub Repository

.. image:: https://img.shields.io/github/workflow/status/ewjoachim/pypitoken/CI?logo=github
    :target: https://github.com/ewjoachim/pypitoken/actions?workflow=CI
    :alt: Continuous Integration

.. image:: https://img.shields.io/readthedocs/pypitoken?logo=read-the-docs&logoColor=white
    :target: http://pypitoken.readthedocs.io/en/latest/?badge=latest
    :alt: Documentation

.. image:: https://img.shields.io/endpoint?logo=codecov&logoColor=white&url=https://raw.githubusercontent.com/wiki/ewjoachim/pypitoken/coverage-comment-badge.json
    :target: https://github.com/marketplace/actions/coverage-comment
    :alt: Coverage

.. image:: https://img.shields.io/github/license/ewjoachim/pypitoken?logo=open-source-initiative&logoColor=white
    :target: https://github.com/ewjoachim/pypitoken/blob/master/LICENSE
    :alt: MIT License

.. image:: https://img.shields.io/badge/Contributor%20Covenant-v1.4%20adopted-ff69b4.svg
    :target: https://github.com/ewjoachim/pypitoken/blob/master/CODE_OF_CONDUCT.md
    :alt: Contributor Covenant


PyPIToken is an open-source Python 3.7+ library for generating and manipulating
PyPI tokens.

PyPI tokens are very powerful, as they are based on Macaroons_. They allow
the bearer to add additional restrictions to an existing token. For example, given
a PyPI token that can upload releases for any project of its owner, you can generate
a token that will only allow some projects, or even a single one.

.. _macaroons: https://en.wikipedia.org/wiki/Macaroons_(computer_science)

Here's an example:

.. code-block:: console

    $ pip install pypitoken

.. code-block:: python

    import pypitoken

    token = pypitoken.Token.load("pypi-foobartoken")

    print(token.restrictions)
    # [ProjectIDsRestriction(project_ids=["00000000-0000-0000-0000-000000000000"])]

    token.restrict(project_names=["requests"])

    print(token.restrictions)
    # [
    #     ProjectIDsRestriction(project_ids=["00000000-0000-0000-0000-000000000000"]),
    #     ProjectNamesRestriction(project_names=["requests"]),
    # ]

    token.dump()
    # pypi-newfoobartoken

The token we've created above is restricted to uploading releases of ``requests``.
Of course, your PyPI user will still need to have upload permissions on ``requests``
for this to happen.
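
Why the bearer can narrow a token without asking PyPI: in a macaroon, each restriction (caveat) is chained into the signature with an HMAC keyed by the previous signature. The sketch below is an added illustration using only the standard library, not pypitoken's or Warehouse's code or token format; ``mint``, ``restrict``, ``check``, the JSON caveat layout and all sample values are constructed for the example.

```python
import hashlib
import hmac
import json


def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def mint(root_key: bytes, identifier: str) -> dict:
    """Issuer side: the chain starts at HMAC(root_key, identifier)."""
    return {"id": identifier, "caveats": [],
            "sig": _mac(root_key, identifier.encode())}


def restrict(token: dict, caveat: dict) -> dict:
    """Bearer side: append a caveat, keyed by the current signature only."""
    raw = json.dumps(caveat, sort_keys=True)
    return {"id": token["id"], "caveats": token["caveats"] + [raw],
            "sig": _mac(token["sig"], raw.encode())}


def check(token: dict, root_key: bytes, project: str) -> bool:
    """Issuer side: recompute the chain, then require every caveat to hold."""
    sig = _mac(root_key, token["id"].encode())
    for raw in token["caveats"]:
        sig = _mac(sig, raw.encode())
    if not hmac.compare_digest(sig, token["sig"]):
        return False  # a caveat was removed, reordered or edited
    return all(project in json.loads(raw)["projects"]
               for raw in token["caveats"])


# Constructed sample values, not real PyPI data.
ROOT_KEY = b"constructed-demo-root-key"
broad = restrict(mint(ROOT_KEY, "demo-token-id"),
                 {"projects": ["requests", "flask"]})
# The bearer narrows the token further; ROOT_KEY is not needed for this step.
narrow = restrict(broad, {"projects": ["requests"]})
# Dropping the last caveat while keeping the signature breaks the chain.
stripped = {**narrow, "caveats": narrow["caveats"][:1]}

if __name__ == "__main__":
    print("broad/flask:", check(broad, ROOT_KEY, "flask"))
    print("narrow/requests:", check(narrow, ROOT_KEY, "requests"))
    print("narrow/flask:", check(narrow, ROOT_KEY, "flask"))
    print("stripped/flask:", check(stripped, ROOT_KEY, "flask"))
```

Because HMAC is one-way, holding the narrowed token does not reveal the earlier signature, so restrictions can be added but not removed.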

The aim of this library is to provide a simple toolbelt for manipulating PyPI tokens.
Ideally, someday, PyPI (Warehouse_) itself may generate their tokens using this
library too. This should make it easier to iterate on new kinds of restrictions for
PyPI tokens, such as those discussed in the `original implementation issue`__.

.. _Warehouse: https://github.com/pypa/warehouse/
.. __: https://github.com/pypa/warehouse/issues/994

A discussion about integrating this library into the Warehouse environment is ongoing:

- In the `Python Packaging discussions`_ for putting the project under the PyPA umbrella
- In the `Warehouse tracker`_ for replacing the current macaroon implementation with
  this lib

.. _`Python Packaging discussions`: https://discuss.python.org/t/pypitoken-a-library-for-generating-and-manipulating-pypi-tokens/7572
.. _`Warehouse tracker`: https://github.com/pypa/warehouse/issues/9184

.. Below this line is content specific to the README that will not appear in the doc.
.. end-of-index-doc

Where to go from here
---------------------

The complete docs_ are probably the best place to learn about the project.

If you encounter a bug, or want to get in touch, you're always welcome to open a
ticket_.

.. _docs: http://pypitoken.readthedocs.io/en/latest
.. _ticket: https://github.com/ewjoachim/pypitoken/issues/new

