Skip to content

feat: add scopes and resource allow-list to API tokens#20249

Closed
ThomasK33 wants to merge 1 commit into
thomask33/10-09-add_scope_catalog_apifrom
thomask33/10-09-add_token_scope_management
Closed

feat: add scopes and resource allow-list to API tokens#20249
ThomasK33 wants to merge 1 commit into
thomask33/10-09-add_scope_catalog_apifrom
thomask33/10-09-add_token_scope_management

Conversation

@ThomasK33
Copy link
Copy Markdown
Member

@ThomasK33 ThomasK33 commented Oct 9, 2025

Add Token Scopes and Allow-List Support

This PR adds support for token scopes and resource allow-lists, enabling more granular control over API token permissions. Users can now:

  1. Create and edit tokens with specific scopes using either:

    • Composite scopes (high-level capabilities)
    • Low-level scopes (fine-grained permissions)

  2. Restrict tokens to specific resources with an allow-list:

    • Limit to specific workspaces or templates
    • Use wildcards for resource types

The implementation includes:

  • New API endpoints for token management
  • UI for scope selection and resource filtering
  • Token editing capabilities
  • Enhanced token listing with scope and allow-list information

These changes improve security by supporting the principle of least privilege for API tokens.

@ThomasK33 ThomasK33 mentioned this pull request Oct 9, 2025
Closed
@ThomasK33 ThomasK33 mentioned this pull request Oct 9, 2025
Closed
@ThomasK33 Graphite App
Copy link
Copy Markdown
Member Author

ThomasK33 commented Oct 9, 2025
edited
Loading

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.
Learn more

This stack of pull requests is managed by Graphite. Learn more about stacking.

@ThomasK33 ThomasK33 force-pushed the thomask33/10-09-add_scope_catalog_api branch from d26265a to d8c07af Compare October 14, 2025 13:36
@ThomasK33 ThomasK33 force-pushed the thomask33/10-09-add_token_scope_management branch 2 times, most recently from 2d9098b to e56c680 Compare October 14, 2025 13:57
@ThomasK33 ThomasK33 force-pushed the thomask33/10-09-add_scope_catalog_api branch from d8c07af to 8b28268 Compare October 14, 2025 13:57
@ThomasK33 ThomasK33 force-pushed the thomask33/10-09-add_token_scope_management branch from e56c680 to 8ad7363 Compare October 14, 2025 14:11
@ThomasK33 ThomasK33 force-pushed the thomask33/10-09-add_scope_catalog_api branch from 8b28268 to 2026c82 Compare October 14, 2025 14:11
@github-actions github-actions Bot added the stale This issue is like stale bread. label Oct 22, 2025
@ThomasK33 ThomasK33 force-pushed the thomask33/10-09-add_scope_catalog_api branch from 2026c82 to c0f9ab2 Compare October 22, 2025 11:17
@ThomasK33 ThomasK33 force-pushed the thomask33/10-09-add_token_scope_management branch from 8ad7363 to 8b41e7c Compare October 22, 2025 11:17
@github-actions github-actions Bot removed the stale This issue is like stale bread. label Oct 23, 2025
@ThomasK33 ThomasK33 force-pushed the thomask33/10-09-add_scope_catalog_api branch from c0f9ab2 to 8108da0 Compare October 24, 2025 14:20
@ThomasK33 ThomasK33 force-pushed the thomask33/10-09-add_token_scope_management branch from 8b41e7c to 2eb31ac Compare October 24, 2025 14:20
@ThomasK33
feat: support scoped token management UI
28c5e34 
Introduce scope catalog integration on create token form to allow
multi-mode selection of composite and low-level scopes with previews.
Add allow-list resolver, hydration, and serialization utilities for
both creation and editing flows, plus expose edit page and tests.
@ThomasK33 ThomasK33 force-pushed the thomask33/10-09-add_scope_catalog_api branch from 8108da0 to 680f589 Compare October 24, 2025 16:45
@ThomasK33 ThomasK33 force-pushed the thomask33/10-09-add_token_scope_management branch from 2eb31ac to 28c5e34 Compare October 24, 2025 16:45
@ThomasK33 ThomasK33 closed this Oct 24, 2025
@ThomasK33 ThomasK33 deleted the thomask33/10-09-add_token_scope_management branch October 24, 2025 16:49
@github-actions github-actions Bot locked and limited conversation to collaborators Oct 24, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

@ThomasK33 ThomasK33

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ThomasK33