1. Proposed title of this feature request

User-centric Oauth API token management

2. What is the nature and description of the request?

Allow regular users in Quay to create personal OAuth tokens self-sufficiently in a dedicated API management workflow. Tokens will be used against the Quay API and need to be able to be scoped down in terms of permissions and also need to be configurable to be limited to a subset of organizations the user has access to. Like with Oauth organization tokens today, the tokens permissions can never exceed the permissions of the user. This should also include a proper UI for expiration management and usage tracking, see RFE-4324

3. Why does the customer need this? (List the business requirements here)

Today OAuth tokens are created in the context of an organization, which is restricted to organization owners. However, there are use cases for users to also leverage their access to Quay for automation via API tokens, without having them become full administrative owners of the organizations.

4. List any affected packages or components.

Quay