Skip to main content
← Back to list
01Issue
FeatureOpenSwamp ClubTeam
AssigneesNone

Relationships

#960 Fine-grained scopes for swamp.club access tokens

Opened by evrardjp · 7/4/2026

Problem

swamp.club access tokens currently appear to have a broad account-level scope. This makes it hard to use tokens safely in automation/CI because a token intended only for extension publishing may also be able to perform unrelated sensitive actions.

Desired capability

When creating an access token, allow selecting fine-grained permissions/scopes. For example, I want to create a token that can publish extensions, but cannot:

  • change my user profile
  • yank/unyank/hide extensions
  • link or unlink accounts
  • perform other account-management actions

Proposed solution

Add scoped access tokens with explicit capabilities, such as:

  • extensions:publish
  • extensions:yank
  • extensions:unyank
  • extensions:hide
  • profile:write
  • accounts:link

The token creation UI/API/CLI should let users choose the minimal required permissions, and the registry/API should enforce those scopes on every authenticated action.

Why this matters

This would follow least-privilege principles and make it safer to store swamp.club tokens in CI/CD systems, especially for publishing extensions, without granting broad account control.

02Bog Flow
OPENTRIAGEDIN PROGRESSSHIPPED

Open

7/4/2026, 10:19:26 AM

No activity in this phase yet.

03Sludge Pulse

Sign in to post a ripple.