Docs: publishing > authentication > API tokens #821
This relates to the broader discussion I opened here: https://discuss.python.org/t/2fa-usability-on-pypi-and-with-packaging-tools/38167/7 Here are some
Ideally, when trying to upload using $ hatch publish
repository username: ...
repository password: ...
ERROR: two-factor authentication is enabled for username 'username' on repository 'URL'.
Please ensure an API token exists for this project and then use `hatch publish --token-auth`.
$ hatch publish --token-auth
API token for project: ...
hey @pitrou i'm working through this now too - we are creating some tutorials on publishing using hatch. It seems like running
i think for me what was confusing was when i ran hatch publish it asked for the username but then said [TOKEN] and i wasn't sure what that meant. so specifying did that work for you?
Hi @lwasser
Thanks for writing these tutorials, however it would be much nicer if the hatch UI was improved, or at least if its own docs included such instructions.
Normally, yes,
i hear you. i suspect a docs enhancement would be really helpful here and a lower lift. our tutorial work is totally separate from hatch i'm just noting pain points and where docs might be useful in case i have bandwidth to help a bit here too! :)
I can confirm that Conclusion: Improving the already good documentation would be very helpful.
Documentation was improved in #789. Is there anything else that needs doing here?
Thanks for this! It's certainly more descriptive and detailed, but I'm surprised it does not seem to explicitly mention two-factor auth anywhere (*). While API tokens are mentioned, it does not explicitly say how to use them with Perhaps I'm overdoing this, so feel free to ignore ;-) (*) a quick grep suggests the word "factor" does not appear once under https://github.com/pypa/hatch/tree/master/docs .
Sure, I can talk about that!
https://hatch.pypa.io/latest/publish/#authentication mainly discusses user+password auth.
Last week I used user+password auth to publish a project, and got this email from PyPI:
I guess the Hatch documentation could use a bit of fine-tuning to cover API tokens better, because now it just mentions it as a recommendation for automated releases:
Also relevant here: when one creates an API token, one has to pick the token's scope (all projects or an individual project). So that means that a developer might end up with multiple "token passwords" (one for each project), which might not play well with the user/password caching mechanism described in the authentication docs.
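As an added example (not from this issue thread or from the Hatch project), here is one way to handle the several project-scoped tokens described above: a small shell wrapper that picks the token for the project being published and passes it to `hatch publish` with the `__token__` user name. The `PYPI_TOKEN_<PROJECT>` variable naming and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: select a project-scoped PyPI API token and pass it to
# `hatch publish` explicitly.
#
# Assumption (hypothetical convention, not part of Hatch): each token lives in
# an environment variable PYPI_TOKEN_<PROJECT>, where <PROJECT> is the project
# name upper-cased with every non-alphanumeric character replaced by "_".
# Usage: publish_with_token my-pkg.core [extra hatch publish arguments]

# Map a project name to its token variable name.
# my-pkg.core -> PYPI_TOKEN_MY_PKG_CORE
token_var_for() {
    printf 'PYPI_TOKEN_%s' \
        "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]' | tr -c 'A-Z0-9' '_')"
}

# Print the token for a project, or fail if it is missing or malformed.
token_for() {
    var=$(token_var_for "$1")
    # $var only contains [A-Z0-9_] at this point, so the eval is safe.
    eval "tok=\${$var:-}"
    case $tok in
        pypi-*) printf '%s' "$tok" ;;   # PyPI API tokens start with "pypi-"
        '')     echo "no token set in \$$var" >&2; return 1 ;;
        *)      echo "\$$var does not look like a PyPI API token" >&2; return 1 ;;
    esac
}

# Publish using the token that belongs to the given project.
publish_with_token() {
    project=$1
    shift
    tok=$(token_for "$project") || return 1
    # __token__ is the user name PyPI expects with API tokens. The token goes
    # through the environment rather than -a/--auth so it does not show up in
    # the process argument list; --no-prompt makes a missing credential an
    # error instead of an interactive prompt.
    HATCH_INDEX_USER=__token__ HATCH_INDEX_AUTH=$tok \
        hatch publish --no-prompt "$@"
}
```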