As folks are likely aware, legacy PyPI currently supports logging in using OpenID and Google Auth while Warehouse does not. After much deliberation, I’ve decided that Warehouse will not be implementing OpenID or Google logins, and once we shutdown legacy PyPI, OpenID/ and Google logins to PyPI will no longer be possible.
This decision was made for a few reasons: * Very few people actually are using OpenID or Google logins as it is. In one month we had ~15k logins using the web form, ~5k using basic auth, and 62 using Google and 7 using OpenID. This is a several orders of magnitude difference. * Regardless of how you log into PyPI (Password or Google/OpenID) you’re required to have a password added to your account to actually upload anything to PyPI. This negates much of the benefit of a federated authentication for PyPI as it stands. * Keeping these requires ongoing maintenance to deal with any changes in the specification or to update as Google deprecates/changes things. * Adding support for them to Warehouse requires additional work that could better be used elsewhere, where it would have a higher impact. - Donald _______________________________________________ Distutils-SIG maillist - Distutils-SIG@python.org https://mail.python.org/mailman/listinfo/distutils-sig
