- Notifications
You must be signed in to change notification settings - Fork1k
feat: add legacy API key scope compatibility#20021
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Open
ThomasK33 wants to merge1 commit intothomask33/09-29-feat_typed_rbac_allow_listChoose a base branch
base:thomask33/09-29-feat_typed_rbac_allow_list
Could not load branches
Branch not found:{{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline, and old review comments may become outdated.
Open
feat: add legacy API key scope compatibility#20021
ThomasK33 wants to merge1 commit intothomask33/09-29-feat_typed_rbac_allow_listfromthomask33/09-29-feat_legacy_apikey_backcompat
+136 −0
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
This was referencedSep 29, 2025
MemberAuthor
ThomasK33 commentedSep 29, 2025 • edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
Warning This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stackon Graphite.
This stack of pull requests is managed byGraphite. Learn more aboutstacking. |
f38d137 tof8cddd7Compare9c44c4f tob11c4e8Compareb11c4e8 to0d9e60aCompare52770fc to8390b78Compare0d9e60a to90528a2Compare8390b78 tocb4f67cCompare90528a2 toa3e10c2Comparecb4f67c tobc0acfcComparea3e10c2 to5058a5aComparebc0acfc toc410a2cCompare5058a5a toa482459Comparec410a2c to696cc1dComparea482459 to5e55406Compare
Don't we have a migration to update these scopes + allow lists to convert them to the new api key? Our customers get release by release, so there should be no window after the migration where the old api keys are created. |
ecdebc1 tob07d6f5Compare4bb9040 tocc44d1cCompare31570ef toab61e4eComparecc44d1c to4c9762eCompareab61e4e to009ef1cCompare4c9762e toc9ad043Compare009ef1c tof5bfb50Comparec9ad043 to610e5e7Comparef5bfb50 to5da9aa2Compare5da9aa2 to2307d62Compare14537db tofd7df7cCompare2307d62 tod7b29daCompareThis change introduces backwards compatibility for API keys createdbefore the scopes and allow-lists feature.Previously, these legacy keys had empty scope and allow-listdefinitions in the database. They are now dynamically interpreted ashaving `coder:all` scope, granting them full access. This ensures thatold, unscoped tokens continue to function as they did before theintroduction of fine-grained permissions.
d7b29da to2d313efComparefd7df7c to80f543aCompareSign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment
Labels
None yet
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Add legacy API key compatibility
This PR adds support for legacy API keys that were created before the scopes migration. It ensures that API keys with empty scopes and allow lists are properly expanded to have full access permissions, maintaining backward compatibility.
Key changes:
LegacyTokento create API keys that mimic pre-migration database structurecoder:allin the API key conversion logicThis maintains compatibility with older API keys while preserving the new scopes functionality.