feat: implement composite API key scopes for workspaces and templates #19945


Merged

Conversation

ThomasK33
Member

Add Composite API Key Scopes

This PR adds high-level composite API key scopes to simplify token creation with common permission sets:

  • coder:workspaces.create - Create and update workspaces
  • coder:workspaces.operate - Read and update workspaces
  • coder:workspaces.delete - Read and delete workspaces
  • coder:workspaces.access - Read, SSH, and connect to workspace applications
  • coder:templates.build - Read templates and create/read files
  • coder:templates.author - Full template management with insights
  • coder:apikeys.manage_self - Manage your own API keys

These composite scopes are persisted in the database and expanded during authorization, providing a more intuitive way to grant permissions compared to the granular resource:action scopes.
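Added example, not part of the PR or the project's code: one way to expand stored composite scope names at authorization time, as the description above outlines. The low-level spellings (`workspace:ssh`, `workspace:application_connect`, and so on) and the function names `expandScopes` and `authorize` are assumptions taken from the description's wording; an unknown `coder:` name denies the request.

```go
package main

import (
	"fmt"
	"strings"
)

// compositeScopes maps composite names from the PR description to low-level
// resource:action scopes. The right-hand spellings are ASSUMED, not the project's.
var compositeScopes = map[string][]string{
	"coder:workspaces.operate": {"workspace:read", "workspace:update"},
	"coder:workspaces.delete":  {"workspace:read", "workspace:delete"},
	"coder:workspaces.access":  {"workspace:read", "workspace:ssh", "workspace:application_connect"},
}

// expandScopes turns the names stored on a token into the low-level scopes it
// grants. An unknown "coder:" name is an error, so a typo never grants access.
func expandScopes(stored []string) (map[string]bool, error) {
	allowed := make(map[string]bool)
	for _, s := range stored {
		if strings.HasPrefix(s, "coder:") {
			low, ok := compositeScopes[s]
			if !ok {
				return nil, fmt.Errorf("unknown composite scope %q", s)
			}
			for _, l := range low {
				allowed[l] = true
			}
			continue
		}
		allowed[s] = true // already a granular resource:action scope
	}
	return allowed, nil
}

// authorize expands at decision time and denies on any expansion error.
func authorize(stored []string, resource, action string) bool {
	allowed, err := expandScopes(stored)
	if err != nil {
		return false
	}
	return allowed[resource+":"+action]
}

func main() {
	token := []string{"coder:workspaces.access"} // constructed sample token scopes
	fmt.Println(authorize(token, "workspace", "ssh"))
	fmt.Println(authorize(token, "workspace", "delete"))
}
```

Because the composite name itself is what is stored, a later change to the expansion table changes what existing tokens can do, so edits to that table deserve the same review as a permission change.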

ThomasK33 (Member, Author) commented Sep 24, 2025

This stack of pull requests is managed by Graphite. Learn more about stacking.

ThomasK33 linked an issue Sep 24, 2025 that may be closed by this pull request
ThomasK33 changed the base branch from thomask33/09-24-add_oauth2_external_scope_metadata to graphite-base/19945 September 26, 2025 09:57
graphite-app bot changed the base branch from graphite-base/19945 to main September 26, 2025 10:16
ThomasK33 changed the title from "feat: add composite API key scopes for workspaces and templates" to "feat: implement composite API key scopes for workspaces and templates" Sep 28, 2025
Add high-level composite scopes that expand to multiple low-level
permissions:
- coder:workspaces.create - Template read/use + workspace CRUD
- coder:workspaces.operate - Workspace read/update
- coder:workspaces.delete - Workspace read/delete
- coder:workspaces.access - Workspace read/SSH/app connect
- coder:templates.build - Template read + file ops + provisioner jobs
- coder:templates.author - Full template management + insights
- coder:apikeys.manage_self - Self API key management

These composite scopes provide intuitive high-level permissions while
maintaining granular control through existing low-level scopes.

Database enum values are persisted to enable storing composite names
directly in tokens.
ThomasK33 merged commit 79126ab into main Sep 29, 2025
37 checks passed
ThomasK33 deleted the thomask33/09-24-add_composite_api_key_scopes branch September 29, 2025 11:17
github-actions bot locked and limited conversation to collaborators Sep 29, 2025
Reviewers

johnstcn approved these changes

Emyrk: awaiting requested review (Emyrk is a code owner)

Assignees

ThomasK33

Development

Successfully merging this pull request may close these issues.

High-level (composite) scope sets (coder:...)
2 participants: ThomasK33, johnstcn
