Enable PyPI Users to associate their PyPI Account with another service provider account

Open miketheman opened this issue 2 weeks ago • 0 comments

When users sign up for PyPI, they create an account with a username, email, password, and a form of two-factor authentication (2FA). If they lose access to a password, 2FA method, or their email address for recovery, they must go through a fairly lengthy process to recover their account.

Creating the necessary machinery for adding associations from third-party services (usually supporting OAuth 2.0/OIDC flows) to a user’s account can help with verifications during account recovery processes by providing some stronger associations between user accounts and other service provider identities.

This should eventually allow creating more automated admin review steps for accounts with these associations, leading to faster account recovery without sacrificing security.

miketheman, Nov 10 '25 15:11