Add all-access configuration for API keys
Problem
FusionAuth treats API keys without permission for any specific API endpoints as having access to all API endpoints. This can be confusing and lead to issues when attempting to disable an API key by removing permissions or when new endpoints are added to FusionAuth.
Solution
Add an explicit configuration that indicates an API key has access to all endpoints. API keys with this configuration enabled will have access to all endpoints regardless of their permissions configuration.
Alternatives/workarounds
Continue treating an empty permissions set as allowing access to all API endpoints.
Additional context
- The solution needs to account for integrations that create API keys automatically through Kickstart, Terraform, or API calls.
Related issues
- https://github.com/FusionAuth/fusionauth-issues/issues/1468
- https://github.com/FusionAuth/fusionauth-issues/issues/1675
- https://github.com/FusionAuth/fusionauth-issues/issues/2802
- https://github.com/FusionAuth/fusionauth-issues/issues/2536
How to vote
Please give us a thumbs up or thumbs down as a reaction to help us prioritize this feature. Feel free to comment if you have a particular need or comment on how this feature should work.
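
An added example, not part of the issue or FusionAuth's own code: a Python audit that flags API key definitions in a Kickstart document whose permission set is empty, which under the behavior described in the Problem section means access to all endpoints. The `permissions.endpoints` shape, the `apiKeys`/`requests` layout and the sample document are assumptions constructed for illustration.

```python
import json

# Constructed Kickstart document (sample input, not taken from the issue).
SAMPLE_KICKSTART = json.loads("""
{
  "apiKeys": [
    {"key": "#{adminKey}", "description": "bootstrap key"},
    {"key": "#{readKey}", "description": "user reader",
     "permissions": {"endpoints": {"/api/user": ["GET"]}}},
    {"key": "#{revokedKey}", "description": "meant to be disabled",
     "permissions": {"endpoints": {}}}
  ],
  "requests": [
    {"method": "POST", "url": "/api/api-key", "body": {"apiKey": {}}}
  ]
}
""")


def grants_everything(api_key):
    """True when the key names no endpoints, i.e. the implicit all-access case."""
    perms = api_key.get("permissions") or {}
    endpoints = perms.get("endpoints") or {}
    return not endpoints


def implicit_all_access_keys(kickstart):
    """Return the locations of key definitions that carry an empty permission set."""
    findings = []
    # Keys declared in the top-level apiKeys array.
    for i, key in enumerate(kickstart.get("apiKeys", [])):
        if grants_everything(key):
            findings.append(f"apiKeys[{i}]")
    # Keys created by API calls replayed from the requests array.
    for i, req in enumerate(kickstart.get("requests", [])):
        body = req.get("body")
        is_create = (req.get("method") == "POST"
                     and str(req.get("url", "")).startswith("/api/api-key"))
        if is_create and isinstance(body, dict) and grants_everything(body.get("apiKey") or {}):
            findings.append(f"requests[{i}]")
    return findings


if __name__ == "__main__":
    for location in implicit_all_access_keys(SAMPLE_KICKSTART):
        print(f"{location}: empty permissions, key has access to all endpoints")
```

The `apiKeys[2]` finding is the case the issue calls out: removing every permission from a key does not disable it.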