The Trust Game

Let's see if you are trusted enough to publish packages

Become a PyPI package maintainer and use the OpenID Connect (OIDC) standard to exchange short-lived identity tokens between a trusted third-party service and PyPI in this simulation game. Configure PyPI to trust an identity provided by a given OpenID Connect Identity Provider (IdP), delegate trust, and request short-lived, tightly-scoped API tokens to publish packages. Increase the security of your release workflows by configuring trusted publishers to only release from a specific GitHub Actions environment.