Skip to content

Inside Rust: Add "API token scopes" blog post #1103

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
May 9, 2023
Merged

Inside Rust: Add "API token scopes" blog post #1103

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
22 changes: 22 additions & 0 deletions posts/inside-rust/2023-05-09-api-token-scopes.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
---
layout: post
title: "API token scopes"
author: Tobias Bieniek
team: the crates.io team <https://www.rust-lang.org/governance/teams/crates-io>
---

Roughly three years ago [Pietro Albini](https://github.com/pietroalbini) opened an RFC called ["crates.io token scopes"](https://github.com/rust-lang/rfcs/pull/2947). This RFC described an improvement to the existing API tokens, that everyone is using to publish crates to the [crates.io](https://crates.io/) package registry. The proposal was to make it possible to restrict API tokens to 1) certain operations and 2) certain crates.

Unfortunately, the crates.io team members were quite busy at the time, so it took a while for this proposal to get accepted. To be precise, during the [EuroRust](https://eurorust.eu) conference in October 2022 we talked about the RFC again and after a few modifications the RFC was moved into FCP status and then finally merged.

The implementation was started soon after, but was paused again due to other priorities at the time. Fortunately, I was lucky enough to get one of the software engineering jobs at the [Rust Foundation](https://rustfoundation.org/), so in early April the development continued, and I am happy to report:

**API token scopes on crates.io are now in a public beta testing period!**

For details on what these token scopes are and how they are supposed to work, I recommend reading through the [RFC](https://github.com/rust-lang/rfcs/pull/2947). If you want to try them out, you can go to <https://crates.io/settings/tokens/new> and create a new API token scoped to the operations and crates you want:

![Screenshot of the "New API Token" page](../../../../images/inside-rust/2023-05-09-api-token-scopes/screenshot.png)

Please note that this page is currently not reachable from the regular user interface, you have to access it via URL directly while we test it out.

Finally, if you notice any issues, or if you have any questions don't hesitate to find us on [Zulip](https://rust-lang.zulipchat.com/#narrow/stream/318791-t-crates-io/topic/token.20scopes) or open an issue on [GitHub](https://github.com/rust-lang/crates.io/issues/new/choose).
Binary file added static/images/inside-rust/2023-05-09-api-token-scopes/screenshot.png
View file
Open in desktop
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.