"login" or dry-run validity check for tokens #6407

Open
bryevdv opened this issue Aug 10, 2019 · 4 comments
Labels
APIs/feeds; feature request; needs discussion (a product management/policy issue maintainers and users should discuss); tokens (issues relating to API tokens)

Comments

@bryevdv

bryevdv commented Aug 10, 2019

What's the problem this feature will solve?

Our project has to simultaneously publish docs, PyPI, conda, and npm packages. If one of those fails (e.g. because a token has expired) then it's a really bad day. So it's really ideal for us to be able to "test" all the credentials are valid up front, before actually really attempting any of the uploads.

Describe the solution you'd like

npm provides npm login and there is also an anaconda login. Any reasonable way to perform a dry-run of an upload without actually doing the upload would be helpful to ensure that we don't get partway through a release before discovering a credentials problem.

@brainwane brainwane added feature request needs discussion a product management/policy issue maintainers and users should discuss tokens Issues relating to API tokens labels Aug 10, 2019
@brainwane
Contributor

I think the best way to do this is to implement #726.

@di
Member

di commented Aug 12, 2019

I think to address this issue, we'd probably need to provide an API for testing credentials separate from #726, as it doesn't quite solve the problem of "once we built everything, our upload failed due to bad credentials, and we can't test credentials without trying to upload something".

Presumably once #726 is implemented, maintainers could attempt to upload some dummy release to test credentials, but this isn't as ideal as just providing an API for something like twine login.

However there is an additional complication to consider here (also discussed in pypa/twine#355 and pypa/twine#475) which is that the validity of API tokens depends on what's being uploaded along with them.

Edit: and similarly for basic authentication, the validity of credentials would need to be considered on a per-project basis.

@bryevdv
Author

bryevdv commented Aug 12, 2019

> which is that the validity of API tokens depends on what's being uploaded along with them.

For sure, tho just from my own perspective, I am willing to own that risk (we have never run into that particular problem, but we have definitely had botched releases due to a credential issue on some or other account mid-process).

@woodruffw
Member

This might fall under #13409.
