by woodruffw 588 days ago
Adding another IdP is not the hard part; establishing the set of claims that IdP should be presenting to interoperate with PyPI is. The technical/social distinction is specious in this context: the technical aspects are hard because the social aspects are hard, and vice versa.

If you work in a large organization that has the ability to maintain a PKI for OIDC, you should open an issue on PyPI discussing its possible inclusion as a supported provider. The docs[1] explain the process and requirements.

[1]: https://docs.pypi.org/trusted-publishers/internals/