Skip to content

Remove token scope checks #566

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
JoeColeman95 merged 13 commits into from
Nov 24, 2025
Merged

Remove token scope checks #566

JoeColeman95 merged 13 commits into from
Nov 24, 2025

Conversation

@JoeColeman95
Copy link
Contributor

@JoeColeman95 JoeColeman95 commented Nov 24, 2025
edited
Loading

Removal of token scope checks

This PR removes token scope checks, as the API itself returns reasoning when a token without a valid scope is used, removing an additional API call made in PreRunE to check token scopes in favour of trusting the API.

Additionally, this reduces complexity with caching of token scopes, as this is no longer a required check.

We also cut API calls in half for affected commands (build cancel/new/list, job cancel/list, etc.), which addresses rate limiting concerns.

Example error messages users will see:

Example (403, token not scoped):

Error: failed to list builds: GET https://api.buildkite.com/v2/organizations/my-org/builds?page=1&per_page=100: 403 Your access token doesn't have the read_builds scope

Example (401, invalid token):

Error: failed to list builds: GET https://api.buildkite.com/v2/organizations/my-org/builds?page=1&per_page=100: 401 Authentication required. Please supply a valid API Access Token: https://buildkite.com/docs/apis/rest-api#authentication

Slight rework to the config check

Due to the changes, I've reworked the way that we prompt for missing config/env vars, as this check was being used to determine it.

As such, if you have no token/org slug, you'll get this:

Error: you must set a valid API token and organization slug. Run `bk configure`, or set the environment variables `BUILDKITE_API_TOKEN` and `BUILDKITE_ORGANIZATION_SLUG`

If you have a token set, but no org slug:

Error: you must set a valid organization slug. run `bk configure`, or set the environment variable `BUILDKITE_ORGANIZATION_SLUG`

If you have an org slug set, but no API token:

Error: you must set a valid API token. Run `bk configure`, or set the environment variable `BUILDKITE_API_TOKEN`

@JoeColeman95 JoeColeman95 requested a review from a team as a code owner November 24, 2025 15:17
@JoeColeman95 JoeColeman95 enabled auto-merge (squash) November 24, 2025 15:52
@JoeColeman95 JoeColeman95 merged commit b8bd321 into main Nov 24, 2025
1 check passed
@JoeColeman95 JoeColeman95 deleted the SUP-5608/Remove-token.go branch November 24, 2025 19:04
@scadu scadu mentioned this pull request Nov 25, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mcncl mcncl mcncl approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@JoeColeman95 @mcncl