Skip to content

feat(api): project and personal scoped access tokens #7206

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
n1ru4l merged 43 commits into from
Nov 10, 2025
Merged

feat(api): project and personal scoped access tokens #7206

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
43 commits
Select commit Hold shift + click to select a range
8d86c9e
feat(api): project and personal scoped access tokens
n1ru4l Nov 3, 2025
e854b3a
typo
n1ru4l Nov 3, 2025
9cc1d76
feat: project access token ui
n1ru4l Nov 3, 2025
1e8349e
reuse component
n1ru4l Nov 3, 2025
830b8b8
ui ui ui
n1ru4l Nov 3, 2025
92b5a51
fixtures
n1ru4l Nov 3, 2025
f6237af
fix
n1ru4l Nov 3, 2025
dc71293
fix ts
n1ru4l Nov 3, 2025
c79b6f7
mr lint
n1ru4l Nov 3, 2025
a8c2050
feat: prevent using personal access token if permissions are lacking
n1ru4l Nov 3, 2025
74a1352
no emoji?
n1ru4l Nov 3, 2025
b1df679
ui feedback for assign based on viewer
n1ru4l Nov 3, 2025
8a187b7
add some descriptions
n1ru4l Nov 3, 2025
1724cf3
tests tests tests
n1ru4l Nov 3, 2025
7525bdb
changeset
n1ru4l Nov 3, 2025
89c7dda
dem fixtures
n1ru4l Nov 3, 2025
3f236c7
include userId and projectId in audit log types
n1ru4l Nov 3, 2025
112d881
Apply suggestion from @n1ru4l
n1ru4l Nov 4, 2025
7200828
Apply suggestion from @n1ru4l
n1ru4l Nov 4, 2025
7a837b2
remove outdated comment
n1ru4l Nov 4, 2025
e4b654d
lint
n1ru4l Nov 4, 2025
280d626
assert delete based on access token type
n1ru4l Nov 4, 2025
beb977e
add type debug info
n1ru4l Nov 4, 2025
0634de6
remove dev debug code remains
n1ru4l Nov 4, 2025
07298d4
fix dem types
n1ru4l Nov 4, 2025
f15eb53
l like my errors
n1ru4l Nov 4, 2025
dbf9100
schema adjustments
n1ru4l Nov 4, 2025
a255651
no breaking schema changes :)
n1ru4l Nov 4, 2025
7914e98
lint
n1ru4l Nov 4, 2025
81f04c4
review works
n1ru4l Nov 5, 2025
35520ee
no scope
n1ru4l Nov 6, 2025
e271940
changeset
n1ru4l Nov 6, 2025
08bbd65
more integration tests and permission fixes
n1ru4l Nov 6, 2025
fdeee74
!
n1ru4l Nov 6, 2025
ca19d84
lint
n1ru4l Nov 6, 2025
7626887
typo
n1ru4l Nov 6, 2025
40d1067
improve descriptions
n1ru4l Nov 7, 2025
ad24fb1
add unique letter to access token based on type
n1ru4l Nov 7, 2025
d7b8599
include scope in access token whoami output
n1ru4l Nov 7, 2025
7d9e5f6
all the tests
n1ru4l Nov 7, 2025
c13c087
grammar
n1ru4l Nov 7, 2025
6fce5a1
:eyes:
n1ru4l Nov 7, 2025
82048e9
improve formatting
n1ru4l Nov 7, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions .changeset/five-hoops-punch.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---
'@graphql-hive/cli': minor
---

Improve output of the `hive whoami` command. It now also handles the new access token format.
5 changes: 5 additions & 0 deletions .changeset/long-impalas-wash.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
---
'hive': minor
---

Introduce personal access tokens (PAT) and project scoped access tokens.
15 changes: 12 additions & 3 deletions integration-tests/testkit/seed.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,7 @@ import {
import { execute } from './graphql';
import { UpdateSchemaPolicyForOrganization, UpdateSchemaPolicyForProject } from './schema-policy';
import { collect, CollectedOperation, legacyCollect } from './usage';
import { generateUnique } from './utils';
import { generateUnique, getServiceHost } from './utils';

export function initSeed() {
function createConnectionPool() {
Expand Down Expand Up @@ -89,6 +89,15 @@ export function initSeed() {
},
authenticate,
generateEmail: () => userEmail(generateUnique()),
async purgeOrganizationAccessTokenById(id: string) {
const registryAddress = await getServiceHost('server', 8082);
await fetch(
'http://' + registryAddress + '/cache/organization-access-token-cache/delete/' + id,
{
method: 'POST',
},
).then(res => res.json());
},
async createOwner() {
const ownerEmail = userEmail(generateUnique());
const auth = await authenticate(ownerEmail);
Expand Down Expand Up @@ -120,7 +129,7 @@ export function initSeed() {
) {
const result = await createOrganizationAccessToken(
{
title: 'A Access Token',
title: 'an access token',
description: 'access token',
organization: {
byId: organization.id,
Expand Down Expand Up @@ -488,7 +497,7 @@ export function initSeed() {
return result.addAlertChannel;
},
/**
* Create a access token for a given target.
* Create an access token for a given target.
* This token can be used for usage reporting and all actions that would be performed by the CLI.
*/
async createTargetAccessToken({
Expand Down
9 changes: 9 additions & 0 deletions integration-tests/testkit/utils.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -111,3 +111,12 @@ export function assertNonNull<T>(
throw new Error(message);
}
}

export function assertNonNullish<T>(
value: T | null | undefined,
message = 'Expected non-null value.',
): asserts value is T {
if (value === null) {
throw new Error(message);
}
}
Loading
Loading