Skip to content

rfc(feature): Option for organizations to disallow use of user API tokens #68

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 5 commits into
base: main
Choose a base branch
from
Draft

rfc(feature): Option for organizations to disallow use of user API tokens #68

wants to merge 5 commits into from

Conversation

mdtro
Copy link
Member

@mdtro mdtro commented Jan 24, 2023
edited
Loading

Provide a toggle option for organizations to disallow the use of user API tokens when authenticating to their organization.

Rendered RFC

ghost
ghost reviewed Jan 24, 2023
View reviewed changes
ghost
ghost reviewed Jan 24, 2023
View reviewed changes
@mdtro mdtro marked this pull request as draft January 24, 2023 14:29
@mdtro mdtro marked this pull request as ready for review March 9, 2023 17:38
@mitsuhiko
Copy link
Contributor

Generally a big fan of this idea. However I think we probably need to revisit some of our user experience around the tokens. The work for source maps recently also surfaced again that user bound tokens are also not idea from a user experience point of view.

@mdtro mdtro force-pushed the mdtro/org-user-api-token-options branch from e093f3a to a16869e Compare January 31, 2024 22:31
@mdtro mdtro marked this pull request as draft January 31, 2024 22:31
markstory
markstory reviewed Feb 7, 2024
View reviewed changes
text/0068-org-user-token-restriction.md
Comment on lines +48 to +49
**I'm proposing we add a toggle option under the organization settings
to disallow usage of user API tokens for authentication to their organization.**
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this a setting that we would enable by default for new orgs?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@markstory markstory markstory left review comments

+1 more reviewer
Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mdtro @mitsuhiko @markstory