Skip to content

feat: add external API key scopes #19916

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 26, 2025
Merged

feat: add external API key scopes #19916

merged 1 commit into from
Sep 26, 2025

Conversation

@ThomasK33
Copy link
Member

@ThomasK33 ThomasK33 commented Sep 22, 2025
edited
Loading

Add support for low-level API key scopes

This PR adds support for fine-grained API key scopes based on RBAC resource:action pairs. It includes:

  1. A new endpoint /api/v2/auth/scopes to list all public low-level API key scopes
  2. Generated constants in the SDK for all public scopes
  3. Tests to verify scope validation during token creation
  4. Updated API documentation to reflect the expanded scope options

The implementation allows users to create API keys with specific permissions like workspace:read or template:use instead of only the legacy all or application_connect scopes.

Fixes #19847

This was referenced Sep 22, 2025
Merged
Merged
Merged
Merged
@ThomasK33 Graphite App
Copy link
Member Author

ThomasK33 commented Sep 22, 2025
edited
Loading

This stack of pull requests is managed by Graphite. Learn more about stacking.

This was referenced Sep 22, 2025
Merged
Merged
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-add_curated_scope_catalog branch from 4f64c51 to caa7377 Compare September 22, 2025 15:28
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-feat_add_public_api_key_scope_endpoint branch 2 times, most recently from a87664b to a3fe88d Compare September 22, 2025 16:33
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-add_curated_scope_catalog branch from caa7377 to bf1e4e9 Compare September 22, 2025 16:33
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-feat_add_public_api_key_scope_endpoint branch from a3fe88d to 85aef6b Compare September 22, 2025 17:03
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-add_curated_scope_catalog branch 2 times, most recently from 76ae5ab to f1eed85 Compare September 22, 2025 17:28
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-feat_add_public_api_key_scope_endpoint branch 2 times, most recently from 1783eb7 to 8630b57 Compare September 22, 2025 17:42
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-add_curated_scope_catalog branch 2 times, most recently from cb2f97e to c96c93d Compare September 22, 2025 19:30
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-feat_add_public_api_key_scope_endpoint branch 2 times, most recently from c7a9788 to e36b0c1 Compare September 23, 2025 08:04
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-add_curated_scope_catalog branch 2 times, most recently from 0ae1500 to b7ba894 Compare September 23, 2025 08:57
@ThomasK33 ThomasK33 linked an issue Sep 23, 2025 that may be closed by this pull request
Built-in low-level scope catalog (resource:action) #19847
Closed
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-feat_add_public_api_key_scope_endpoint branch 6 times, most recently from 3223b46 to e3bf61c Compare September 23, 2025 13:45
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-feat_add_public_api_key_scope_endpoint branch from f5e0777 to 2bf3c3c Compare September 24, 2025 16:41
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-add_curated_scope_catalog branch from bbd9174 to 969baa9 Compare September 24, 2025 16:44
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-feat_add_public_api_key_scope_endpoint branch from 2bf3c3c to e5ef1f0 Compare September 24, 2025 16:44
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-add_curated_scope_catalog branch from 969baa9 to 939267f Compare September 24, 2025 20:50
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-feat_add_public_api_key_scope_endpoint branch from e5ef1f0 to 32b4c5d Compare September 24, 2025 20:50
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-add_curated_scope_catalog branch from 939267f to 8e56891 Compare September 25, 2025 15:46
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-feat_add_public_api_key_scope_endpoint branch 2 times, most recently from 6b3d164 to 5335d8b Compare September 25, 2025 15:46
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-add_curated_scope_catalog branch from 8e56891 to 2cddda5 Compare September 25, 2025 15:46
@ThomasK33 ThomasK33 mentioned this pull request Sep 25, 2025
Merged
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-add_curated_scope_catalog branch from 2cddda5 to 6258186 Compare September 25, 2025 15:56
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-feat_add_public_api_key_scope_endpoint branch from 5335d8b to 6b9783a Compare September 25, 2025 15:56
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-add_curated_scope_catalog branch from 6258186 to 4f84ffa Compare September 25, 2025 16:05
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-feat_add_public_api_key_scope_endpoint branch 2 times, most recently from a3329a4 to 45d6550 Compare September 25, 2025 16:25
@ThomasK33 ThomasK33 requested a review from aslilac September 25, 2025 18:32
@ThomasK33 ThomasK33 mentioned this pull request Sep 25, 2025
Merged
Emyrk
Emyrk approved these changes Sep 25, 2025
View reviewed changes
Emyrk
Emyrk reviewed Sep 25, 2025
View reviewed changes
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-add_curated_scope_catalog branch from 4f84ffa to 6466375 Compare September 26, 2025 07:45
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-feat_add_public_api_key_scope_endpoint branch 2 times, most recently from 7f0cdfd to 2ea1b29 Compare September 26, 2025 08:25
@ThomasK33 Graphite App
Copy link
Member Author

ThomasK33 commented Sep 26, 2025
edited
Loading

Merge activity

  • Sep 26, 9:30 AM UTC: A user started a stack merge that includes this pull request via Graphite.
  • Sep 26, 9:32 AM UTC: Graphite rebased this pull request as part of a merge.
  • Sep 26, 9:43 AM UTC: @ThomasK33 merged this pull request with Graphite.

@ThomasK33 ThomasK33 changed the base branch from thomask33/09-22-add_curated_scope_catalog to graphite-base/19916 September 26, 2025 09:30
@ThomasK33 ThomasK33 changed the base branch from graphite-base/19916 to main September 26, 2025 09:30
@ThomasK33
feat: add public API key scope endpoint
6c0e2dd 
Add /auth/scopes endpoint returning curated list of public low-level API key scopes (resource:action format).
This read-only endpoint requires no authentication and provides SDK constants for all public scopes.
@ThomasK33 ThomasK33 force-pushed the thomask33/09-22-feat_add_public_api_key_scope_endpoint branch from 2ea1b29 to 6c0e2dd Compare September 26, 2025 09:31
@ThomasK33 ThomasK33 merged commit 4bda395 into main Sep 26, 2025
32 checks passed
@ThomasK33 ThomasK33 deleted the thomask33/09-22-feat_add_public_api_key_scope_endpoint branch September 26, 2025 09:43
@github-actions github-actions bot locked and limited conversation to collaborators Sep 26, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@Emyrk Emyrk Emyrk approved these changes

@aslilac aslilac Awaiting requested review from aslilac

Assignees

@ThomasK33 ThomasK33

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Built-in low-level scope catalog (resource:action)

3 participants

@ThomasK33 @Emyrk