docs: Update GAT documentation #1762
| When you give a token access to an organization, the token can only be used for managing organization settings and teams or users associated with the organization. It does not give the token the right to publish packages managed by the organization. | ||
|
|
||
| The Bypass 2FA capability applies to tokens with write access and is set to false by default at token creation. When the Bypass 2FA option is set to true, this setting takes precedence over account-level and package-level 2FA settings. This means that even if account-level 2FA is enabled and/or package-level 2FA is required, 2FA will still be bypassed when using the token. | ||
|
|
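Review bot: The Bypass 2FA paragraph says the setting "takes precedence over account-level and package-level 2FA settings", which reads as contradicting the publishing-options text changed elsewhere in this PR, where under "Require two-factor authentication and disallow tokens" granular access tokens cannot publish "regardless of their bypass 2FA setting". Suggest naming that exception in this paragraph, for example by saying the bypass applies only when the package's publishing setting allows tokens, so readers do not conclude that a token with Bypass 2FA set to true overrides the disallow-tokens option.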
| <Screenshot src="/integrations/integrating-npm-with-external-services/granular-access-token-summary.png" alt="Screenshot of the granular access token summary and the generate token button" /> | ||
|
|
||
| 10. Copy the token from the top of page. | ||
| 11. Copy the token from the top of page. |
|
|
||
| 4. Confirm the deletion when prompted. | ||
|
|
||
| ## Revoking tokens using the CLI |
| For more information, see "[Creating and viewing authentication tokens][create-token]". | ||
| For more information, see "[Creating and viewing access tokens][create-token]". | ||
|
|
||
| ## Set the token as an environment variable on the CI/CD server |
|
|
||
| 3. **Require two-factor authentication and disallow tokens** | ||
| With this option, a maintainer must have two-factor authentication enabled for their account, and they must publish interactively. Maintainers will be required to enter 2FA credentials when they perform the publish. Automation tokens and granular access tokens cannot be used to publish packages. | ||
| With this option, a maintainer must have two-factor authentication enabled for their account, and they must publish interactively. Maintainers will be required to enter 2FA credentials when they perform the publish. Granular access tokens cannot be used to publish packages, regardless of their bypass 2FA setting. |
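Review bot: The replacement sentence for option 3 names only granular access tokens as unable to publish, while the option is titled "disallow tokens" and the docs still carry an "About legacy tokens" section. With the automation-token mention dropped, the sentence no longer says what happens to other token types under this setting. Suggest wording such as "Tokens cannot be used to publish packages; for granular access tokens this holds regardless of their bypass 2FA setting", or adding a clause that covers legacy tokens.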
Also, references to automation tokens are removed as we are deprecating them.
|
|
||
| For more information on creating and viewing access tokens on the web and CLI, see "[Creating and viewing access tokens][create-token]". | ||
|
|
||
| ## About legacy tokens |
As discussed, are we planning to add a warning msg regarding the deprecation of legacy tokens? cc @nishantms @dhei
Yes, the change is in the legacy token deprecation docs change PR. I'll check and make sure it remains there.
| ## Create a new access token | ||
|
|
||
| Create a new access token that will be used only to access npm packages from a CI/CD server. | ||
| Create a new granular access token that will be used only to access npm packages from a CI/CD server. |
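Review bot: The section heading stays "Create a new access token" while the changed sentence under it now says "granular access token", so the heading and the body use different terms for the same credential. Suggest using one term in both places within this section so readers do not infer two token types.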
IMHO let's keep this as access token itself; in future we should drop the granular term everywhere because there will be only one type of access token in future.





This PR updates GAT-related documentation to cover how 2FA will be handled for GATs.