Token Exchange

I don't always trust third-party services, but when I do, I use OpenID Connect.

As a PyPI package maintainer, you must use the OpenID Connect standard to exchange short-lived identity tokens between a trusted third-party service and PyPI, while avoiding potential security threats and obstacles.