Closed cdelst closed 1 year ago
Assigning to @getsentry/support for routing, due by (sfo). ⏲️
Routing to @getsentry/product-owners-settings for triage, due by (sfo). ⏲️
@leedongwei can this API be used using Integration tokens or does it need a user's auth token?
Adding a bit more context, the token I am using is being generated by an Oauth flow from a public integration.
I suspect that the line in the docs: “available to the authenticated session” is probably the culprit here.
Any update on investigation here? cc @Dhrumil-Sentry @leedongwei
@cdelst I'll let @leedongwei confirm this but I suspect that this particular API endpoint can only be invoked by a user token. The integration token you are using is tied to a specific org and it won't be able to list other organizations your user account has access too.
Is there any particular use case for which you need this list of orgs?
@Dhrumil-Sentry The exact use case we need is to be able to list all environments and projects in a given org, without knowing the org name/key (as that is not provided in the integration handshake as far as I can tell).
The list organizations endpoint is a roundabout way of getting that, but we did not find another endpoint that could satisfy that requirement.
I'm assuming you're looking for projects and environments in your own organization. In which case the APIs would be:
/api/0/organizations/launchdarkly-ecosystem/projects/
- all projects
/api/0/organizations/launchdarkly-ecosystem/environments/
- all environments
The subdomain in the URL (in your case launchdarkly-ecosystem
) is your organization key.
@AniketDas-Tekky Unfortunately, we need the projects and environments of our integration consumer, to provide them a setup experience on our end mapping our (LaunchDarkly's) environments and projects to the customer's Sentry projects and environments.
Looking at the permissions of the integration, it feels like this should be possible when the Organization
permission is set to read:
Integration tokens only work in the owner organization's domain. This would be like having a special user who is only in the LaunchDarkly organization trying to access another organization. Your consumer would need to provide their token in order for you to read their organization's information.
@AniketDas-Tekky I could be confused here, so sorry in advance, but I thought the point of going through the authentication flow, and getting a token out of it was that that token had access to our integration consumer's information. It's fine if that token is scoped to an organization, but we need some way of getting information about that organization with the information that's provided to us through the integration handshake.
Are there any other approaches you'd recommend here? Or is it simply not possible? Being able to retrieve only the customer's projects using our token would be a bit unfortunate.
Additionally, it might make more sense to not return a 200 - OK
when a token does not have access to any organization information if that is indeed the expected behavior for all integration tokens.
@Dhrumil-Sentry The exact use case we need is to be able to list all environments and projects in a given org, without knowing the org name/key (as that is not provided in the integration handshake as far as I can tell).
The list organizations endpoint is a roundabout way of getting that, but we did not find another endpoint that could satisfy that requirement.
@cdelst - You do get the org-slug. Pleas have a look at the installation webhooks response here
You would need to store a mapping of org-slugs and auth tokens if you wish to invoke the APIs you need.
Thanks @Dhrumil-Sentry. I missed that. Thanks for both of your help.
Environment
SaaS (https://sentry.io/)
Steps to Reproduce
GET https://launchdarkly-ecosystem.sentry.io/api/0/organizations/
I have also tried using the non self-hosted URL as well.
Here's a screenshot of the integration permissions I'm using that generates the token:
Expected Result
I expect the organizations endpoint to return the organizations in our account.
Actual Result
200 OK - []
Proof that I do in fact have an organization (I don't think you can not have one?)
Product Area
Other
Link
No response
DSN
No response
Version
No response