Repository permissions docs do not warn about changes to access tokens
Created by: slimsag
Our repository permissions docs today do not warn about potential changes to what existing access tokens can see. Because permission syncing also involves removing users' permissions, this may result in a customer's scripts breaking. For example:
- Users previously had access to all repositories, including ones not accessible to them on the code host.
- They wrote scripts using the Sourcegraph API with a personal access token which began to rely on getting complete search results back (a very common use case).
- The site admin enables repository permissions, which either (a) removes their permission for some repositories, so their script now fails because it no longer gets results for those repos, or (b) no longer gives them "access to all repos on Sourcegraph", which makes their usage of the API inconsistent.
Example of how this could be very bad:
- A developer uses our search API to find leaked access tokens in all repos they have. The system has worked well up until today.
- An access token was leaked, but their Sourcegraph API searches no longer return all results (because of repository permissions), so the leaked token remains in repositories they do not have permission to access, and the scan reports nothing.
- They later come to realize the access token was not fully removed from their code, blaming their security team and us for not warning them.
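The failure mode above, as an added illustration that is not Sourcegraph code: an in-memory stand-in for a code host and for the search API, with a constructed repo set, a constructed code-host ACL, and a hypothetical token format `sgp_...`. The point is that a "no findings" result is only meaningful if the script also checks that every repository it expected to cover was actually searchable with its token; once permissions are enforced, the naive scan reports "clean" while the coverage check reports the gap.

```python
"""Secret scan over search results whose completeness depends on what the
caller's token can see. Added example; the code host, the ACL and the
token pattern are all constructed for illustration, nothing is fetched."""
import re
from dataclasses import dataclass, field

# Hypothetical access-token format used only by the constructed sample data.
TOKEN_RE = re.compile(r"\bsgp_[0-9a-f]{16}\b")

# Constructed code host: repo name -> {path: file contents}.
CODE_HOST = {
    "github.com/acme/web": {
        "README.md": "# web\nNothing secret here.\n",
    },
    "github.com/acme/infra": {
        "deploy/env.sh": "export SG_TOKEN=sgp_0123456789abcdef\n",
    },
    "github.com/acme/mobile": {
        "app/config.json": '{"endpoint": "https://sourcegraph.example"}\n',
    },
}

# Constructed code-host ACL: user -> repos that user may read on the code host.
CODE_HOST_ACL = {
    "dev": {"github.com/acme/web", "github.com/acme/mobile"},
    "admin": set(CODE_HOST),
}


def visible_repos(user: str, permissions_enforced: bool) -> set[str]:
    """Repos a user's personal access token can search.

    Before the site admin turns on repository permissions, every token sees
    every repo; afterwards the token is limited to the code-host ACL.
    """
    if not permissions_enforced:
        return set(CODE_HOST)
    return set(CODE_HOST_ACL.get(user, set()))


def search_tokens(user: str, permissions_enforced: bool) -> list[tuple[str, str, str]]:
    """Stand-in for a search-API query for TOKEN_RE: (repo, path, match) triples,
    restricted to the repos the user's token can see."""
    hits = []
    for repo in sorted(visible_repos(user, permissions_enforced)):
        for path, text in CODE_HOST[repo].items():
            for m in TOKEN_RE.finditer(text):
                hits.append((repo, path, m.group(0)))
    return hits


@dataclass
class ScanReport:
    findings: list[tuple[str, str, str]]
    unsearched: set[str] = field(default_factory=set)

    @property
    def clean(self) -> bool:
        """Only trust 'no leaks' when every expected repo was actually searched."""
        return not self.findings and not self.unsearched


def scan_for_leaks(user: str, expected_repos: set[str],
                   permissions_enforced: bool) -> ScanReport:
    """Search for leaked tokens and record which expected repos were out of reach."""
    searched = visible_repos(user, permissions_enforced)
    return ScanReport(
        findings=search_tokens(user, permissions_enforced),
        unsearched=set(expected_repos) - searched,
    )


if __name__ == "__main__":
    everything = set(CODE_HOST)
    before = scan_for_leaks("dev", everything, permissions_enforced=False)
    after = scan_for_leaks("dev", everything, permissions_enforced=True)
    print("before permissions:", before.findings, "unsearched:", before.unsearched)
    print("after permissions: ", after.findings, "unsearched:", after.unsearched)
    print("naive verdict after permissions (no findings => clean):", not after.findings)
    print("coverage-aware verdict after permissions:", after.clean)
```

The `expected_repos` inventory has to come from somewhere the token's visibility does not filter (for example a list maintained by the site admin or exported from the code host), otherwise the check collapses back into "whatever I could see"; that inventory is exactly what the docs would need to tell script authors to keep.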
Should be a simple docs change.
I worry this will happen at: https://app.hubspot.com/contacts/2762526/company/407948923/