Improve instructional text for API tokens #6551

Closed
nlhkabu opened this issue Aug 30, 2019 · 7 comments · Fixed by #6615

nlhkabu (Contributor) commented Aug 30, 2019

Based on feedback collected in user testing:

On the API token confirmation page, we should:

  • Show the username/password instructions on the API token confirmation page
  • Show an example .pypirc file, and explain where to put them for "entire account" tokens vs "scoped to project" tokens

On the manage project > settings page:

  • Add a link back to the API token creation page

FYI @justinmayer

nlhkabu added this to the OTF Security work milestone Aug 30, 2019
nlhkabu self-assigned this Aug 30, 2019
nlhkabu changed the title from "Improve help and instructional text for API tokens" to "Improve instructional text for API tokens" Aug 30, 2019
nlhkabu (Contributor, Author) commented Aug 30, 2019

Example help text for "whole account" (user scoped) tokens:

[Image: Screenshot from 2019-08-30 07-38-03]

For tokens scoped to a specific project, what would the .pypirc file look like and where would it be located?

I assume that users can create a .pypirc file in their project root directory, but I could not find this documented anywhere.

@theacodes @di @dstufft - any ideas?

woodruffw (Member) commented

> For tokens scoped to a specific project, what would the .pypirc file look like and where would it be located?

Project-scoped tokens look and are configured identically to user-scoped tokens, so the .pypirc file should look and be placed identically. The major distinction between the two will probably be in whether people use .pypirc frequently for project-scoped tokens, given that they're mostly useful for CI/CD and platforms like Travis provide separate configuration mechanisms.

nlhkabu (Contributor, Author) commented Sep 3, 2019

Just to be clear -> if I created a project-scoped token, then I would add the details of this token into a .pypirc file at $HOME/.pypirc. Effectively, it means that I can only have one token on my local machine at any time?

E.g. I cannot create .pypirc files that correspond to each project locally (either by naming them differently, or by placing them in the project root)?

woodruffw (Member) commented Sep 3, 2019

> Effectively, it means that I can only have one token on my local machine at any time?

Ah, not exactly. You would effectively have one "default" token. If you wanted to have multiple project-scoped tokens, you could do something like this:

```ini
# either your user-scoped token or your default project-scoped token
[pypi]
username = __token__
password = pypi-blah

# some other token
[whatever]
username = __token__
password = pypi-blarg
```

And then do twine --repository whatever to switch to the whatever token.

Edit: Oh, and I believe you can create individual .pypirc files and tell twine where to look for them. That would also be a solution to the same problem.
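
A small check for a .pypirc laid out as in the comment above, added here as an illustration (it is not code from this thread, from Warehouse or from twine). It selects one section's credentials by name and flags sections where a `pypi-` token is not paired with the `__token__` username or where the same token appears in two sections; the `[legacy]` section and all function names are constructed for the example.

```python
import configparser

# Constructed sample in the layout from the comment above; [legacy] is made up here.
SAMPLE_PYPIRC = """\
[pypi]
username = __token__
password = pypi-blah

[whatever]
username = __token__
password = pypi-blarg

[legacy]
username = alice
password = pypi-blah
"""
TOKEN_USER, TOKEN_PREFIX = "__token__", "pypi-"


def load_sections(text):
    """Parse .pypirc text into {section: {"username": ..., "password": ...}}."""
    parser = configparser.RawConfigParser()  # Raw: no % interpolation inside secrets
    parser.read_string(text)
    keys = ("username", "password")
    return {s: {k: parser.get(s, k, fallback=None) for k in keys}
            for s in parser.sections() if s != "distutils"}


def select(sections, repository="pypi"):
    """Return the credentials of one named section ([pypi] is the default)."""
    if repository not in sections:
        raise KeyError(f"no [{repository}] section in .pypirc")
    return sections[repository]


def audit(sections):
    """Return findings that name sections only, never the token value itself."""
    findings, seen = [], {}
    for name, cred in sections.items():
        user, secret = cred["username"], cred["password"] or ""
        if not secret.startswith(TOKEN_PREFIX):
            continue  # not an API token; out of scope for this check
        if user != TOKEN_USER:
            findings.append(f"[{name}] API token needs username {TOKEN_USER}")
        if secret in seen:
            findings.append(f"[{name}] reuses the token from [{seen[secret]}]")
        seen.setdefault(secret, name)
    return findings
```
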

nlhkabu (Contributor, Author) commented Sep 5, 2019

Thanks for your feedback @woodruffw. I'll update the text based on your feedback and we can go from there :)

nlhkabu (Contributor, Author) commented Sep 5, 2019

Ok, so second attempt:

User scoped token instructions

[Image: Screenshot from 2019-09-05 07-28-15]

Project scoped token instructions

[Image: Screenshot from 2019-09-05 07-29-23]

@woodruffw can you please review the text?

I'm thinking that this information is maybe too long for this page and could be moved to the help page instead - but I'd like to get the details nailed down first :)

brainwane removed this from the OTF Security work milestone Sep 8, 2019

brainwane (Contributor) commented

Contractors on the OTF-funded work need to deprioritize work on the security features in order to ensure we complete the accessibility and internationalization work by the end of the month. Therefore, while this would be great to resolve and I recognize that Nicole may still complete it, I'm removing it from the milestone.
