Define alpha public authentication status API#64
Merged
Conversation
Co-authored-by: Stefan Amberger <stefan.amberger@tilebox.com>
|
The latest Buf updates on your PR. Results from workflow Lint Protobuf / buf (pull_request).
|
Co-authored-by: Stefan Amberger <stefan.amberger@tilebox.com>
Co-authored-by: Stefan Amberger <stefan.amberger@tilebox.com>
Co-authored-by: Stefan Amberger <stefan.amberger@tilebox.com>
snamber
marked this pull request as ready for review
July 18, 2026 10:02
Co-authored-by: Stefan Amberger <stefan.amberger@tilebox.com>
snamber
marked this pull request as draft
July 18, 2026 10:04
snamber
marked this pull request as ready for review
July 18, 2026 10:07
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
authentication.v1alpha1.AuthenticationServiceGetAuthenticationStatuswith requiredUserandOrganizationidentitiesAPIKeyonly when API-key authentication was usedThis deliberately does not extend Core's private
auth.v1.AuthService. Usingauthenticationrather than Core's privateauthprotobuf package keeps their fully qualified message names distinct, allowing Core to register the new public service alongside its existing privateAuthService. Thev1alpha1suffix separately marks the public contract as unstable so this draft can merge without committing to a stablev1contract.Public alpha contract
Leaf messages are
authentication.v1alpha1.User,authentication.v1alpha1.Organization, andauthentication.v1alpha1.APIKey. Entity IDs use the repository-standardtilebox.v1.ID.APIKeyexposes onlyid,identifier, anddescription; there is no secret field to accidentally populate.Requests without valid authentication are expected to return
UNAUTHENTICATEDat runtime. Runtime implementation is intentionally out of scope here.Generated-client impact
This repository tracks protobuf sources rather than generated clients. Existing generation produces the new OpenAPI operation at:
POST /authentication.v1alpha1.AuthenticationService/GetAuthenticationStatusDownstream
tilebox-gogeneration adds:protogen/authentication/v1alpha1/authentication.pb.goprotogen/authentication/v1alpha1/authentication_grpc.pb.goprotogen/authentication/v1alpha1/authenticationv1alpha1connect/authentication.connect.goCore and CLI should consume
authentication.v1alpha1.AuthenticationService/GetAuthenticationStatus, not the Core-draftauth.v1.AuthServicemethod or the earlier stable-package version from this draft. Core must map its UUID strings/values totilebox.v1.ID.Alpha compatibility and promotion
The repository's
WIRE_JSONbreaking checks remain enabled so accidental incompatibilities stay visible during alpha. If a deliberate breaking alpha revision is needed, publishauthentication.v1alpha2. Once the contract matures, promote by addingauthentication.v1beta1orauthentication.v1as a new package and route rather than renaming the live alpha in place. Ifv1alpha1has consumers by then, serve both versions during migration before removing alpha.Validation
Passed locally:
buf format --diff --exit-code .buf build .buf lint .buf breaking . --against '.git#branch=main'buf generatetilebox-go-equivalent protobuf, gRPC, and Connect Go generationauthentication.v1beta1andauthentication.v1identifier/path checkgit diff --checkBuf 1.71 exposed a pre-existing formatter issue in
apis/tilebox/v1/id.proto: its inline// Nil UUIDcomment caused the formatter to place]inside the comment. The second commit moves that explanation to its own line and applies the formatter's one-line list form. Validation semantics are unchanged; this mechanical fix is included only so the repository-wide format check can pass.During this PR, the unpinned GitHub action advanced from Buf 1.71 to 1.72 and exposed two additional repository-wide formatting changes plus five unused imports on
main. The final mechanical commit applies those formatter results and removes only the imports identified by Buf; protobuf descriptors and wire behavior are unchanged. All checks were rerun with Buf 1.72.