Currently wrangler login works like this:
- In the browser, I authorize a token with access to all accounts attached to my user.
- Wrangler displays a picker for me to select the account I want to use.
- I select that account.
- Wrangler promises to only use that account.
My user (kenton at cloudflare.com) is on several Cloudflare-internal accounts, some of which are important production accounts which I almost never intend to interact with using wrangler. It makes me nervous that I am creating a token that has access to all those accounts.
What I'd suggest instead is: In the browser, before the token is issued, I should be asked to choose which account I want to use. I should get a token for just that account, and wrangler itself should never ask me to choose an account.
This lets me keep the token restricted to my personal testing account, which is what I usually want.
Currently
wrangler loginworks like this:My user (kenton at cloudflare.com) is on several Cloudflare-internal accounts, some of which are important production accounts which I almost never intend to interact with using wrangler. It makes me nervous that I am creating a token that has access to all those accounts.
What I'd suggest instead is: In the browser, before the token is issued, I should be asked to choose which account I want to use. I should get a token for just that account, and wrangler itself should never ask me to choose an account.
This lets me keep the token restricted to my personal testing account, which is what I usually want.