Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add personal user tokens 馃攽 #4976

merged 16 commits into from Jul 2, 2021


Copy link

@ThiefMaster ThiefMaster commented Jun 30, 2021

This is basically what I suggested in #1934 six years ago, and originally wanted to have in 2.0 or 2.1, but then there was never time for it... In the end this was very straightforward to implement with all the previous oauth-related changes.

Initially I had planned on just providing the backend and CLI for it - that way people could use have used it for administrative tasks (thinking of some of the API usages on our own instance that currently all use the same API key...).

However, since the UI for it wouldn't be particularly complex, I'm now thinking about spending another half day or so to add end-user UI for it as well since that would allow us to officially deprecate the existing API key authentication in favor of using these tokens. (Edit: done!)

And with it being deprecated, we can then consider removing the old API auth in one of the 3.x versions.

I also used this opportunity to prefix our tokens - indo_ for OAuth, indp_ for personal tokens - this seems to be common on various high-profile public APIs lately.

closes #1934

Some screenshots of the UI - it is very similar to GitHub's personal token management ;)


@ThiefMaster ThiefMaster added this to the v3 milestone Jun 30, 2021
@ThiefMaster ThiefMaster added this to In progress in Release 3.0 via automation Jun 30, 2021
@ThiefMaster ThiefMaster moved this from In progress to Awaiting review/merge in Release 3.0 Jun 30, 2021
@ThiefMaster ThiefMaster force-pushed the personal-tokens branch 3 times, most recently from c942289 to 7c2e804 Compare June 30, 2021 16:23
@ThiefMaster ThiefMaster requested a review from javfg July 1, 2021 08:31
@ThiefMaster ThiefMaster merged commit e2c7120 into indico:master Jul 2, 2021
Release 3.0 automation moved this from Awaiting review/merge to Done Jul 2, 2021
@ThiefMaster ThiefMaster deleted the personal-tokens branch July 2, 2021 15:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
No open projects
Release 3.0

Successfully merging this pull request may close these issues.

Bring OAuth and API key system closer together
4 participants