As a secure way to trigger a pipeline as a specific person:
  • Users want to trigger a pipeline outside CircleCI
Currently, personal API tokens are needed to trigger a pipeline through the API.
  • Asking each user to feed in a CircleCI token is not feasible; it heavily degrades system security.
  • Use of a token for a machine user is not ideal, because API calls will be authenticated as the machine user, making it impossible to distinguish who triggered which pipeline on CircleCI.
It must be considered that inappropriate impersonation can happen; therefore, accepting federated tokens is more favourable.