feat: add multi-scope support to API keys #19917
ThomasK33 merged 1 commit into main from thomask33/09-22-canonicalize_special_api_key_scopes, Sep 26, 2025
ThomasK33 commented Sep 22, 2025 • edited
Emyrk approved these changes Sep 25, 2025
johnstcn approved these changes Sep 26, 2025
coderd/database/migrations/000373_canonicalize_special_api_key_scopes.up.sql
ThomasK33 commented Sep 26, 2025 • edited
This change unifies scope handling by migrating special scopes to the coder:* namespace while maintaining backward compatibility:

- Database: 'all' -> 'coder:all', 'application_connect' -> 'coder:application_connect'
- API accepts both legacy and canonical forms in requests
- Responses maintain legacy format for existing client compatibility
- Scope catalog returns all public scopes including canonical specials
- Validation enforces public scope requirements using unified logic

The migration preserves existing API key functionality while establishing consistent scope naming conventions for future extensibility.
d0db9ec into main, 37 checks passed
Canonicalize API Key Scopes

This PR introduces canonical API key scopes with a coder: namespace prefix to avoid collisions with low-level resource:action names. It:

- Renames special API key scopes in the database:
  - all → coder:all
  - application_connect → coder:application_connect
- Adds support for a new scopes field in the API key creation request, allowing multiple scopes to be specified while maintaining backward compatibility with the singular scope field.
- Updates the API documentation to reflect these changes, including the new endpoint for listing public API key scopes.
- Ensures backward compatibility by mapping between legacy and canonical scope names in relevant code paths.
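
The request-side handling described above, sketched as an added example that is not code from this PR or from the Coder repository: the singular scope field and the new scopes list are merged, legacy names are mapped into the coder: namespace, and anything outside the public catalogue is rejected. `CanonicalizeScopes`, the catalogue contents (including `workspace:read`) and the fail-closed handling of an empty request are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sort"
)

// Legacy -> canonical special scopes, as listed in the PR description.
var legacyToCanonical = map[string]string{
	"all":                 "coder:all",
	"application_connect": "coder:application_connect",
}

// Constructed sample catalogue; the project's real public scope list is not on this page.
var publicScopes = map[string]bool{
	"coder:all": true, "coder:application_connect": true,
	"workspace:read": true, // constructed resource:action name
}

// CanonicalizeScopes (hypothetical helper) merges the singular scope field with the
// scopes list and returns a sorted, de-duplicated set of canonical public scopes.
func CanonicalizeScopes(scope string, scopes []string) ([]string, error) {
	in := append([]string{}, scopes...)
	if scope != "" {
		in = append(in, scope)
	}
	if len(in) == 0 { // assumption: fail closed; the page does not state a default
		return nil, fmt.Errorf("no scope requested")
	}
	seen, out := map[string]bool{}, []string{}
	for _, s := range in {
		if c, ok := legacyToCanonical[s]; ok {
			s = c // legacy spelling accepted, stored in canonical form
		}
		if !publicScopes[s] {
			return nil, fmt.Errorf("scope %q is not a public API key scope", s)
		}
		if !seen[s] {
			seen[s] = true
			out = append(out, s)
		}
	}
	sort.Strings(out)
	return out, nil
}

func main() {
	fmt.Println(CanonicalizeScopes("all", []string{"coder:all", "workspace:read"}))
}
```

Because a request mixing the legacy `all` and the canonical `coder:all` collapses to a single entry, a key cannot carry the same grant under two spellings.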