Skip to content

feat: add multi-scope support to API keys#19917

Merged
ThomasK33 merged 1 commit into
mainfrom
thomask33/09-22-canonicalize_special_api_key_scopes
Sep 26, 2025
Merged

feat: add multi-scope support to API keys#19917
ThomasK33 merged 1 commit into
mainfrom
thomask33/09-22-canonicalize_special_api_key_scopes

Conversation

@ThomasK33
Copy link
Copy Markdown
Member

@ThomasK33 ThomasK33 commented Sep 22, 2025

Canonicalize API Key Scopes

This PR introduces canonical API key scopes with a coder: namespace prefix to avoid collisions with low-level resource:action names. It:

  1. Renames special API key scopes in the database:

    • allcoder:all
    • application_connectcoder:application_connect

  2. Adds support for a new scopes field in the API key creation request, allowing multiple scopes to be specified while maintaining backward compatibility with the singular scope field.

  3. Updates the API documentation to reflect these changes, including the new endpoint for listing public API key scopes.

  4. Ensures backward compatibility by mapping between legacy and canonical scope names in relevant code paths.

This was referenced Sep 22, 2025
Merged
Merged
Merged
Merged
Merged
@ThomasK33 Graphite App
Copy link
Copy Markdown
Member Author

ThomasK33 commented Sep 22, 2025
edited
Loading

This stack of pull requests is managed by Graphite. Learn more about stacking.

@ThomasK33 ThomasK33 mentioned this pull request Sep 22, 2025
Merged
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-feat_add_public_api_key_scope_endpoint branch 9 times, most recently from b25f825 to ae9cd7c Compare September 23, 2025 10:10
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-canonicalize_special_api_key_scopes branch from 3e06647 to 8f46553 Compare September 23, 2025 10:12
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-feat_add_public_api_key_scope_endpoint branch from ae9cd7c to 24afdea Compare September 23, 2025 10:29
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-canonicalize_special_api_key_scopes branch 2 times, most recently from b5a1899 to df26fde Compare September 23, 2025 10:51
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-feat_add_public_api_key_scope_endpoint branch from 24afdea to 592b758 Compare September 23, 2025 10:51
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-canonicalize_special_api_key_scopes branch from df26fde to 379833f Compare September 23, 2025 12:34
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-feat_add_public_api_key_scope_endpoint branch from 592b758 to 3223b46 Compare September 23, 2025 12:38
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-canonicalize_special_api_key_scopes branch 2 times, most recently from dd9f91b to 29f787f Compare September 23, 2025 13:45
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-feat_add_public_api_key_scope_endpoint branch 2 times, most recently from e3bf61c to c29d8ce Compare September 23, 2025 13:58
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-canonicalize_special_api_key_scopes branch from 29f787f to 7f43f71 Compare September 23, 2025 13:58
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-feat_add_public_api_key_scope_endpoint branch from c29d8ce to 5562ff4 Compare September 23, 2025 14:29
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-feat_add_public_api_key_scope_endpoint branch from 3e3def7 to 9060574 Compare September 24, 2025 16:10
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-canonicalize_special_api_key_scopes branch from 57ec770 to 411151c Compare September 24, 2025 16:10
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-feat_add_public_api_key_scope_endpoint branch from 9060574 to f5e0777 Compare September 24, 2025 16:27
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-canonicalize_special_api_key_scopes branch from 411151c to 73e3922 Compare September 24, 2025 16:27
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-feat_add_public_api_key_scope_endpoint branch from f5e0777 to 2bf3c3c Compare September 24, 2025 16:41
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-canonicalize_special_api_key_scopes branch 2 times, most recently from 3f1594c to dd9a21c Compare September 24, 2025 16:44
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-feat_add_public_api_key_scope_endpoint branch 2 times, most recently from e5ef1f0 to 32b4c5d Compare September 24, 2025 20:50
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-canonicalize_special_api_key_scopes branch 2 times, most recently from 0edbf0c to bb211fa Compare September 25, 2025 15:46
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-feat_add_public_api_key_scope_endpoint branch from 32b4c5d to 6b3d164 Compare September 25, 2025 15:46
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-canonicalize_special_api_key_scopes branch from bb211fa to a4a9d57 Compare September 25, 2025 15:46
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-feat_add_public_api_key_scope_endpoint branch from 6b3d164 to 5335d8b Compare September 25, 2025 15:46
@ThomasK33 ThomasK33 mentioned this pull request Sep 25, 2025
Merged
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-canonicalize_special_api_key_scopes branch from a4a9d57 to acadd79 Compare September 25, 2025 15:56
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-feat_add_public_api_key_scope_endpoint branch 2 times, most recently from 6b9783a to a3329a4 Compare September 25, 2025 16:07
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-canonicalize_special_api_key_scopes branch from acadd79 to b8267e1 Compare September 25, 2025 16:07
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-feat_add_public_api_key_scope_endpoint branch from a3329a4 to 45d6550 Compare September 25, 2025 16:25
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-canonicalize_special_api_key_scopes branch 5 times, most recently from 9e0bf76 to 1c54aa1 Compare September 25, 2025 17:33
@ThomasK33 ThomasK33 mentioned this pull request Sep 25, 2025
Merged
Emyrk
Emyrk approved these changes Sep 25, 2025
View reviewed changes
Comment thread coderd/apikey.go
Comment thread coderd/users.go
johnstcn
johnstcn approved these changes Sep 26, 2025
View reviewed changes
Comment thread coderd/database/migrations/000373_canonicalize_special_api_key_scopes.up.sql
@ThomasK33 Graphite App
Copy link
Copy Markdown
Member Author

ThomasK33 commented Sep 26, 2025
edited
Loading

Merge activity

  • Sep 26, 9:30 AM UTC: A user started a stack merge that includes this pull request via Graphite.
  • Sep 26, 9:45 AM UTC: Graphite rebased this pull request as part of a merge.
  • Sep 26, 9:56 AM UTC: @ThomasK33 merged this pull request with Graphite.

@ThomasK33
feat: rename special API key scopes to coder:* namespace
c66a19c 
This change unifies scope handling by migrating special scopes to the
coder:* namespace while maintaining backward compatibility:

- Database: 'all' -> 'coder:all', 'application_connect' -> 
  'coder:application_connect'
- API accepts both legacy and canonical forms in requests
- Responses maintain legacy format for existing client compatibility
- Scope catalog returns all public scopes including canonical specials
- Validation enforces public scope requirements using unified logic

The migration preserves existing API key functionality while establishing
consistent scope naming conventions for future extensibility.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@johnstcn johnstcn johnstcn approved these changes

@Emyrk Emyrk Emyrk approved these changes

Assignees

@ThomasK33 ThomasK33

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ThomasK33 @johnstcn @Emyrk