Enable PyPI Users to associate their PyPI Account with another service provider account #19026

@miketheman

When users sign up for PyPI, they create an account with a username, email, password, and a form of two-factor authentication (2FA). If they lose access to a password, 2FA method, or their email address for recovery, they must go through a fairly lengthy process to recover their account.

Creating the necessary machinery for adding associations from third-party services (usually supporting OAuth 2.0/OIDC flows) to a user’s account can help with verifications during account recovery processes, by providing some stronger associations between user accounts and other service provider identities.

This should eventually allow creating more automated admin review steps for accounts with these associations, leading to faster account recovery without sacrificing security.

Labels

- UX/UI: design, user experience, user interface
- feature request
- security: Security-related issues and pull requests
