Skip to content
This repository has been archived by the owner on Sep 26, 2021. It is now read-only.

pip supports only basic authentication #5

Closed
MadJlzz opened this issue Aug 1, 2021 · 1 comment · Fixed by #6
Closed

pip supports only basic authentication #5

MadJlzz opened this issue Aug 1, 2021 · 1 comment · Fixed by #6
Labels
help wanted Extra attention is needed

Comments

@MadJlzz
Copy link
Owner

MadJlzz commented Aug 1, 2021

pip actually supports only Basic Authentication at the moment.

When gopypi is deployed to AppEngine, we need to find a way to authenticate and authorize pip clients.
@MadJlzz MadJlzz added the help wanted Extra attention is needed label Aug 1, 2021
@MadJlzz MadJlzz mentioned this issue Aug 1, 2021
Closed
@MadJlzz MadJlzz linked a pull request Aug 2, 2021 that will close this issue
Refactoring to let gopypi be more extendable v2 #6
Merged
@MadJlzz
Copy link
Owner Author

MadJlzz commented Aug 2, 2021

After digging a bit how Pypi or even Artifactory are working ; I found out that the authentication part is either proxied to an external IP (identity provider) or management by the application locally.

For this first iteration of Pypi, I will not add authorization mechanism in the sense that all users will have access to all packages. For sure, I want to make this part also flexible enough so that I can extend to more complex authentication mechanism.

For now, I'll ask for an API token that is created once and shared across multiple users. I case of compromised token, a new one should be generate and secrets updated.

@MadJlzz MadJlzz closed this as completed in #6 Aug 4, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Refactoring to let gopypi be more extendable v2 MadJlzz/gopypi
1 participant
@MadJlzz