
Organization and Repository level access token #25900

Open
folliehiyuki opened this issue Jul 15, 2023 · 7 comments
Labels
type/proposal The new feature has not been accepted yet but needs to be discussed first.

Comments

@folliehiyuki

Feature Description

It would be nice to have a more limited access token than the user access token.

  • A Repository-level access token should only be able to read/write its repository, call /repos/ API endpoints and configure repository webhooks.

  • An Organization-level access token should be able to authenticate to /orgs/ endpoints and do the same things as Repository-level access token for all the repositories inside it.

I'm a long-time GitLab user, so this is just my way of wanting its feature in Gitea. Also, Repository and Organization access tokens should have configurable scopes at creation time.

Ref: https://docs.gitlab.com/ee/security/token_overview.html

Screenshots

No response

@folliehiyuki folliehiyuki added the type/proposal The new feature has not been accepted yet but needs to be discussed first. label Jul 15, 2023
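To make the proposed access model concrete, here is an added example (not Gitea code, and not from any participant in this thread) that models the three token levels from the feature description and checks whether an API request falls inside a token's reach. The type and function names, the "api/v1" prefix handling and the single read/write scope flag are assumptions for illustration only.

```go
package main

import (
	"fmt"
	"strings"
)

// TokenKind is the level at which a token is issued (hypothetical model of the proposal).
type TokenKind int

const (
	UserToken TokenKind = iota // today's user-level token: unrestricted here
	OrgToken                   // /orgs/{org}/... plus every repo owned by {org}
	RepoToken                  // only /repos/{org}/{repo}/... (incl. its webhooks)
)

// Token carries the level and the configurable scope the issue asks for
// (reduced to a single read/write flag for this example).
type Token struct {
	Kind  TokenKind
	Org   string // owner for OrgToken and RepoToken
	Repo  string // only meaningful for RepoToken
	Write bool   // false = read-only scope: mutating requests are refused
}

// Allows reports whether a request (HTTP method, API path) is within the token's reach.
func Allows(t Token, method, path string) bool {
	path = strings.TrimPrefix(path, "/api/v1") // assumption: Gitea-style API prefix
	parts := strings.Split(strings.Trim(path, "/"), "/")
	mutating := method != "GET" && method != "HEAD"
	if mutating && !t.Write {
		return false
	}
	switch t.Kind {
	case UserToken:
		return true
	case OrgToken:
		if len(parts) >= 2 && parts[0] == "orgs" && parts[1] == t.Org {
			return true
		}
		return len(parts) >= 3 && parts[0] == "repos" && parts[1] == t.Org
	case RepoToken:
		return len(parts) >= 3 && parts[0] == "repos" && parts[1] == t.Org && parts[2] == t.Repo
	}
	return false
}

func main() {
	repo := Token{Kind: RepoToken, Org: "acme", Repo: "app", Write: true} // constructed sample token
	fmt.Println(Allows(repo, "POST", "/api/v1/repos/acme/app/hooks")) // true: its own webhooks
	fmt.Println(Allows(repo, "GET", "/api/v1/repos/acme/other"))      // false: sibling repo
}
```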
@folliehiyuki (Author)

I just discovered that someone already asked the same question in https://discourse.gitea.io/t/are-there-organisation-access-tokens/7082.

@KagurazakaNyaa

It seems to be the solution of #26746. A workaround based on service account is provided in #26754.

@camlafit (Contributor)

Hello

Looks interesting. At the repository level we have yet keys application to allow external access with an SSH key. In other cases, we need HTTP access and token use.
If it's possible to manage application access with SSH or token, that could be very nice.

Thanks a lot

@lunny (Member)

lunny commented Apr 3, 2024

I think an organization-level access token could be the first target because it's similar to a user-level one.

@zapling

zapling commented Jul 14, 2024

This would make it way more secure when using ArgoCD in a Kubernetes setup. This way we could give more fine-grained access based on the orgs.

@jeromecossette-qc

Any development on that? It would be really useful.

@Shuenhoy

Shuenhoy commented Oct 8, 2024

I think an organization-level access token could be the first target because it's similar to a user-level one.

I think it can be solved with "bot account" #13044, reusing the current user-level token mechanism. But I would name it "Role User" in this context to make it less confusing.

#13044 has already mentioned a lot of properties; here are those especially useful for the org/repo-level access problem here:

  • A regular user can create Role Users
  • A Role User has no password and cannot login
  • The owner can create PAT for Role Users
  • A Role User with "private" visibility is only visible to its owner.
