Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Section for pluggable auth backend support #7

Merged
merged 3 commits into from
Jul 6, 2020
Merged

Section for pluggable auth backend support #7

merged 3 commits into from
Jul 6, 2020

Conversation

uranusjr
Copy link
Contributor

Close #5.

What is the current situation/context?
Standard packaging tools currently only supports package indexes using basic authentication.

What ought to be fixed, made, or implemented?
See pypa/pip#4475 and pypa/twine#362. A shared interface and implementation for various alternative authentication method support can be developed for both tools (and maybe more), so organisations can choose to install them to be able to use e.g. Kerberos to secure their private package indexes.

What kinds of work are necessary to make this happen?

  • A survey of various auth methods, and how they can be implemented as a pluggable library.
  • Develop an interface that tools (e.g. pip) can implement to detect authentication method support, and call into the library that provides it.
  • Develop and maintain libraries that implement the various auth methods for people to install when the support is needed.

@pradyunsg
Copy link
Contributor

With something like this, we'd also be able to drop the keyring out-of-the-box integration in those tools (at least in pip) in favor of a plugin like this -- which would help usability as well -- and is worth noting here.

@xmunoz
Copy link
Member

xmunoz commented Jun 18, 2020

Can you add these issues into the markdown file?

@brainwane
Copy link
Collaborator

I second @xmunoz -- I think you should add the details you shared in the comment on this pull request into the FUNDABLES item itself.

@uranusjr
Copy link
Contributor Author

I’ve added the content of the PR description as a part of the patch.

di
di reviewed Jun 24, 2020
View reviewed changes
Copy link
Member

@di di left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me, just some small typos/clarifications.

FUNDABLES.md Outdated Show resolved Hide resolved
FUNDABLES.md Outdated Show resolved Hide resolved
FUNDABLES.md Outdated Show resolved Hide resolved
FUNDABLES.md Outdated Show resolved Hide resolved
@uranusjr @di
Apply suggestions from code review
bbe9f8a 
Co-authored-by: Dustin Ingram <di@users.noreply.github.com>
@uranusjr
Copy link
Contributor Author

Thanks! Updated.

@brainwane brainwane merged commit 0de4fee into psf:master Jul 6, 2020
@brainwane
Copy link
Collaborator

Thanks @uranusjr and thanks reviewers! I have polished wording slightly in 5f62a3a .

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@di di di approved these changes

@pradyunsg pradyunsg pradyunsg approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Suggestion for addition: Pluggable HTTP(S) authentication provider
5 participants
@uranusjr @pradyunsg @xmunoz @brainwane @di