Dynamic Machine metadata - How it's Made

Hey @charsleysa, sorry this got lost in the shuffle. I know you’ve seen it, but for anyone else looking, we did ship an answer to the org-specific use case: Org Scoped Tokens.

I think the biggest issue with letting users create their own macaroons is the UX, as kurt was saying before. Macaroons are cool to talk about, but are really an implementation detail more than anything. That means to expose the power to users we need to expose some screen/command with knobs users can turn to describe a certain level of access they want. This is a famously hard problem that, if not carefully addressed, ends up with something like the IAM console. If you don’t mind, it would be awesome if you could keep sharing when you run into situations where you feel like being able to build your own specifically scoped access tokens would be useful to you. This would be super helpful because

  • (1) it helps us understand what the knobs of a potential future tool for this might look like
  • and (2) sometimes it might be things that are generally useful we haven’t thought of but might be able to ship within our existing token issuance framework