feat(auth): add scopes and org selection to ApiApplication #76974

Codecov Report
All modified and coverable lines are covered by tests ✅
✅ All tests successful. No failed tests found.

@@ Coverage Diff @@
## master #76974 +/- ##
===========================================
+ Coverage 57.14% 78.18% +21.03%
===========================================
Files 6902 6912 +10
Lines 306931 307293 +362
Branches 50305 50350 +45
===========================================
+ Hits 175408 240242 +64834
+ Misses 126725 60605 -66120
- Partials 4798 6446 +1648
This PR has a migration; here is the generated SQL for

```sql
--
-- Custom state/database change combination
--
ALTER TABLE "sentry_apiapplication"
ADD COLUMN "scopes" TEXT[] NULL,
ADD COLUMN "requires_org_level_access" BOOLEAN DEFAULT FALSE;
```
| migrations.AddField( | ||
| model_name="apiapplication", | ||
| name="scopes", | ||
| field=sentry.db.models.fields.array.ArrayField(null=True), | ||
| ), | ||
| ], |
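Review bot: `null=True` on the `scopes` ArrayField gives the column three states (NULL, empty array, populated array), and nothing in this AddField says how they differ. The thread states that NULL means existing behaviour is unchanged, so document that on the field (a comment or `help_text`) and say explicitly whether an empty array means "no scopes allowed", so that authorization code cannot treat `[]` and NULL alike through a truthiness check.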
Jfyi, you can just include this as a separate operation outside of the SeparateDatabaseAndState. It's safe to create a nullable column.
What will happen if an apiapplication has scopes stored in the database and a different set of scopes is provided during the authorization flow?

@markstory we respect the database if it's tighter than what the app is asking for. For now, though, it's nullable, and if it's null we don't change behavior at all.
We want to be able to provide scopes for each application and store them in the model. Today the application requests the scope, which is too loose. The second change is to be able to limit the application scope to one org at a time. Basically, if `requires_org_level_access` is true, the user has to give the app permission twice to give the app access to 2 orgs.
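The behaviour described in this thread, as an added sketch that is not Sentry's code: stored scopes narrow what an application requests, a NULL column changes nothing, and an org-level application needs one approval per organization. `App`, `Grant`, `authorize` and `allows` are hypothetical names, and two points are assumptions: "tighter" is read as set intersection, and an empty result is refused.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass
class App:
    """Hypothetical stand-in for the two new ApiApplication columns."""
    scopes: Optional[list] = None            # None mirrors NULL: nothing stored
    requires_org_level_access: bool = False


@dataclass(frozen=True)
class Grant:
    """Hypothetical record of one user approval."""
    scopes: frozenset
    org_id: Optional[int]                    # None: not tied to a single org


def effective_scopes(app: App, requested: Iterable[str]) -> frozenset:
    """Narrow the requested scopes by the stored list, if one is stored."""
    wanted = frozenset(requested)
    if app.scopes is None:                   # NULL column: behaviour unchanged
        return wanted
    return wanted & frozenset(app.scopes)    # [] is not None: it allows nothing


def authorize(app: App, requested: Iterable[str], org_id: Optional[int] = None) -> Grant:
    """One approval by the user; org-level apps must name exactly one org."""
    if app.requires_org_level_access and org_id is None:
        raise ValueError("an organization must be selected for this application")
    scopes = effective_scopes(app, requested)
    if not scopes:                           # assumption: empty grants are refused
        raise PermissionError("no requested scope is allowed for this application")
    return Grant(scopes, org_id if app.requires_org_level_access else None)


def allows(grants: Iterable[Grant], scope: str, org_id: int) -> bool:
    """True if any approval covers this scope for this organization."""
    return any(scope in g.scopes and g.org_id in (None, org_id) for g in grants)
```

The scope strings used to exercise it are constructed sample values; the point to check in a real implementation is that `[]` and NULL are never collapsed by a truthiness test.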