Skip to content

feat(settings): add v1 api token and token reveal popup#1045

Open
fayazg wants to merge 3 commits into
mainfrom
feat/LFXV2-2542
Open

feat(settings): add v1 api token and token reveal popup#1045
fayazg wants to merge 3 commits into
mainfrom
feat/LFXV2-2542

Conversation

@fayazg

@fayazg fayazg commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

Summary

  • Surface the user-scoped v1 API Gateway token (audience api-gw.platform.linuxfoundation.org) alongside the existing v2 OIDC session token in the account settings developer section (/settings), so users migrating off the retiring Individual Dashboard can keep calling v1 APIs. The v1 token is already minted by the auth middleware via refresh-token exchange (req.apiGatewayToken); the developer endpoint now returns it as an optional v1Token, and the row is hidden when unavailable.
  • Replace the inline show/hide toggle with a reveal popup (DialogService.open() dynamic component) that shows the full token in a wrapped, scrollable box (no horizontal scrolling) with Copy and Close; the card keeps only the masked preview.
  • Remove the redundant /profile/developer page (it duplicated this UI): the route now redirects to /settings, and the header "Developer Settings" menu item points to /settings#developer-settings.

Changes

  • packages/shared: new DeveloperTokenInfo interface (token, type, optional v1Token).
  • Backend: getDeveloperTokenInfo returns v1Token when present; logs has_v1_token (never the value); existing no-store cache headers retained.
  • Frontend: getDeveloperTokenInfo() typed to DeveloperTokenInfo; account-settings developer section renders v2 + v1 rows; new shared TokenRevealDialogComponent for the popup; old profile-developer component removed.

Notes / trade-offs

  • The reveal dialog is opened fire-and-forget via DialogService (display-only, no result to handle) — consistent with existing usages like documents-table.
  • No unit .spec.ts for TokenRevealDialogComponent: this repo has no component unit-test runner (testing is Playwright E2E); sibling dialog components follow the same pattern.

Part of the myprofile (Individual Dashboard) cutover. JIRA: LFXV2-2542

Surface the user-scoped v1 API Gateway token (audience api-gw.*) alongside
the existing v2 OIDC token in the account settings developer section, so users
migrating off the Individual Dashboard can keep calling v1 APIs. The v1 token
is minted by the auth middleware via refresh-token exchange and returned by
GET /api/profile/developer as an optional v1Token; the row is hidden when
unavailable.

Replace the inline show/hide toggle with a reveal popup (DialogService dynamic
component) showing the full token on a single scrollable line with Copy and
Close; the card keeps only the masked preview.

Remove the redundant /profile/developer page (redirect to /settings) and point
the header "Developer Settings" menu item at /settings.

LFXV2-2542

Signed-off-by: Fayaz G <5818912+fayazg@users.noreply.github.com>
@fayazg fayazg requested a review from a team as a code owner June 29, 2026 21:31
Copilot AI review requested due to automatic review settings June 29, 2026 21:31
@coderabbitai

coderabbitai Bot commented Jun 29, 2026

Copy link
Copy Markdown
Contributor

Review Change Stack

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 5906234c-af99-4922-a9ae-a97e26c51418

📥 Commits

Reviewing files that changed from the base of the PR and between 2418ced and be835c0.

📒 Files selected for processing (5)
  • apps/lfx-one/src/app/app.config.ts
  • apps/lfx-one/src/app/modules/profile/profile.routes.ts
  • apps/lfx-one/src/app/modules/settings/account-settings/account-settings.component.html
  • apps/lfx-one/src/app/modules/settings/account-settings/account-settings.component.ts
  • apps/lfx-one/src/app/shared/components/token-reveal-dialog/token-reveal-dialog.component.ts
💤 Files with no reviewable changes (1)
  • apps/lfx-one/src/app/modules/profile/profile.routes.ts
🚧 Files skipped from review as they are similar to previous changes (3)
  • apps/lfx-one/src/app/shared/components/token-reveal-dialog/token-reveal-dialog.component.ts
  • apps/lfx-one/src/app/modules/settings/account-settings/account-settings.component.html
  • apps/lfx-one/src/app/modules/settings/account-settings/account-settings.component.ts

Walkthrough

Adds a typed developer token response with optional v1 data, shows tokens in a popup dialog, updates account settings token handling and UI for v1/v2 tokens, and redirects developer navigation to settings with anchor scrolling enabled.

Changes

Developer Token v1/v2 Refactor

Layer / File(s) Summary
DeveloperTokenInfo interface and API contract
packages/shared/src/interfaces/profile.interface.ts, apps/lfx-one/src/server/controllers/profile.controller.ts, apps/lfx-one/src/app/shared/services/user.service.ts
Adds DeveloperTokenInfo with optional v1Token, updates the profile controller to return it when available, and changes getDeveloperTokenInfo() to use the shared type.
TokenRevealDialogComponent
apps/lfx-one/src/app/shared/components/token-reveal-dialog/token-reveal-dialog.component.ts, apps/lfx-one/src/app/shared/components/token-reveal-dialog/token-reveal-dialog.component.html
Adds the shared dialog component and template for displaying, copying, and closing a revealed token.
AccountSettingsComponent token state and actions
apps/lfx-one/src/app/modules/settings/account-settings/account-settings.component.ts
Adds dynamic dialog wiring, v1 token state, shared masking, popup opening, and token-kind-aware clipboard handling.
AccountSettingsComponent token UI
apps/lfx-one/src/app/modules/settings/account-settings/account-settings.component.html
Updates the v2 token card to use masked display plus popup reveal, and adds the conditional v1 token card with its own actions.
Developer navigation and scrolling
apps/lfx-one/src/app/modules/profile/profile.routes.ts, apps/lfx-one/src/app/shared/components/header/header.component.ts, apps/lfx-one/src/app/app.config.ts
Redirects the legacy developer route to settings, updates the header target to /settings#developer-settings, and enables anchor scrolling.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Suggested labels

ai-assisted, enhancement

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Title check ✅ Passed The title clearly summarizes the main change: adding a v1 token and a token reveal popup in settings.
Description check ✅ Passed The description accurately matches the implemented settings, backend, routing, and dialog changes.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feat/LFXV2-2542

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

ESLint install failed. For unrecoverable errors, disable the tool in CodeRabbit configuration.


Comment @coderabbitai help to get the list of available commands.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds support for exposing a user-scoped v1 API Gateway token in the existing developer settings area and replaces inline token reveal with a dedicated popup dialog, while removing/redirecting the legacy /profile/developer page to consolidate the experience under /settings.

Changes:

  • Extend developer token API/typing to optionally include a v1 API Gateway token (v1Token) alongside the existing v2 bearer token.
  • Introduce a dynamic “token reveal” dialog and update account settings UI to show v2 and (when available) v1 token rows with masked previews.
  • Redirect legacy developer settings route and update header navigation to point to /settings#developer-settings.

Reviewed changes

Copilot reviewed 11 out of 11 changed files in this pull request and generated 3 comments.

Show a summary per file
File Description
packages/shared/src/interfaces/profile.interface.ts Adds DeveloperTokenInfo interface including optional v1Token.
apps/lfx-one/src/server/controllers/profile.controller.ts Surfaces req.apiGatewayToken as optional v1Token and logs has_v1_token.
apps/lfx-one/src/app/shared/services/user.service.ts Types getDeveloperTokenInfo() to DeveloperTokenInfo.
apps/lfx-one/src/app/shared/components/token-reveal-dialog/token-reveal-dialog.component.ts Adds new dynamic dialog component for token reveal/copy.
apps/lfx-one/src/app/shared/components/token-reveal-dialog/token-reveal-dialog.component.html Dialog markup for wrapped, scrollable token display with Copy/Close.
apps/lfx-one/src/app/shared/components/header/header.component.ts Updates “Developer Settings” menu item to /settings with fragment.
apps/lfx-one/src/app/modules/settings/account-settings/account-settings.component.ts Adds v1 token state, dialog open handler, and updated copy handler.
apps/lfx-one/src/app/modules/settings/account-settings/account-settings.component.html Renders separate v2 + conditional v1 token rows; uses reveal popup.
apps/lfx-one/src/app/modules/profile/profile.routes.ts Redirects /profile/developer to /settings.
apps/lfx-one/src/app/modules/profile/developer/profile-developer.component.ts Removes legacy profile developer component.
apps/lfx-one/src/app/modules/profile/developer/profile-developer.component.html Removes legacy profile developer template.
Comments suppressed due to low confidence (1)

apps/lfx-one/src/app/modules/settings/account-settings/account-settings.component.ts:410

  • navigator.clipboard.writeText() failures (permission denied, insecure context, etc.) are not handled here. A rejected promise will be unhandled and the user won't get any feedback.
    navigator.clipboard.writeText(token).then(() => {
      this.tokenCopied.set(true);
      this.messageService.add({ severity: 'success', summary: 'Copied', detail: 'Token copied to clipboard' });
      setTimeout(() => this.tokenCopied.set(false), 2000);
    });

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)
apps/lfx-one/src/app/modules/settings/account-settings/account-settings.component.ts (1)

403-410: 🩺 Stability & Availability | 🟡 Minor | ⚡ Quick win

Handle clipboard write failures in copyToken
navigator.clipboard.writeText() can fail when clipboard access is unavailable or denied, and this path currently drops that error without any user feedback. Switch this to async/await with try/catch (or add a .catch() handler) and show a failure toast.

🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In
`@apps/lfx-one/src/app/modules/settings/account-settings/account-settings.component.ts`
around lines 403 - 410, The copyToken method currently ignores clipboard write
failures, so update AccountSettingsComponent.copyToken to handle
navigator.clipboard.writeText errors explicitly. Refactor the promise flow in
copyToken to async/await or add a catch handler, and on failure use
messageService.add to show an error toast instead of only setting tokenCopied on
success. Keep the existing success path and tokenCopied reset behavior intact.

Source: Coding guidelines

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@apps/lfx-one/src/app/modules/profile/profile.routes.ts`:
- Around line 45-46: The legacy profile route currently uses a bare redirectTo
to /settings, which drops users at the top of settings instead of the developer
section. Update the profile.routes.ts entry for the developer path so it
preserves the deep link target /settings#developer-settings, likely by routing
through a small redirect component or guard instead of static redirectTo. Use
the existing route definition for the developer path as the place to adjust, and
ensure old /profile/developer links land on the anchored developer settings
section.

In
`@apps/lfx-one/src/app/modules/settings/account-settings/account-settings.component.ts`:
- Around line 103-106: The copied state is currently shared through tokenCopied,
so both the v1 and v2 copy buttons show Copied! after either one is clicked.
Update account-settings.component.ts to track copy state separately for each
token/button, and wire the corresponding copy handlers and button label bindings
to the correct signal so only the initiating button changes state. Use the
existing developerToken/developerV1Token and their related copy logic to locate
and split the shared state.

In `@apps/lfx-one/src/app/shared/components/header/header.component.ts`:
- Around line 61-62: The settings shortcut in HeaderComponent is setting a
fragment, but it will not navigate to the developer section unless fragment
scrolling is enabled or the settings page explicitly handles the route fragment.
Update the navigation behavior in header.component.ts so the `/settings` link
with `fragment: 'developer-settings'` actually scrolls to that anchor, either by
enabling anchor scrolling in the router configuration or by handling
`route.fragment` in the settings page component.

---

Outside diff comments:
In
`@apps/lfx-one/src/app/modules/settings/account-settings/account-settings.component.ts`:
- Around line 403-410: The copyToken method currently ignores clipboard write
failures, so update AccountSettingsComponent.copyToken to handle
navigator.clipboard.writeText errors explicitly. Refactor the promise flow in
copyToken to async/await or add a catch handler, and on failure use
messageService.add to show an error toast instead of only setting tokenCopied on
success. Keep the existing success path and tokenCopied reset behavior intact.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 83406d7d-06a8-4db0-8b86-4786e04d4625

📥 Commits

Reviewing files that changed from the base of the PR and between 5578277 and 2418ced.

📒 Files selected for processing (11)
  • apps/lfx-one/src/app/modules/profile/developer/profile-developer.component.html
  • apps/lfx-one/src/app/modules/profile/developer/profile-developer.component.ts
  • apps/lfx-one/src/app/modules/profile/profile.routes.ts
  • apps/lfx-one/src/app/modules/settings/account-settings/account-settings.component.html
  • apps/lfx-one/src/app/modules/settings/account-settings/account-settings.component.ts
  • apps/lfx-one/src/app/shared/components/header/header.component.ts
  • apps/lfx-one/src/app/shared/components/token-reveal-dialog/token-reveal-dialog.component.html
  • apps/lfx-one/src/app/shared/components/token-reveal-dialog/token-reveal-dialog.component.ts
  • apps/lfx-one/src/app/shared/services/user.service.ts
  • apps/lfx-one/src/server/controllers/profile.controller.ts
  • packages/shared/src/interfaces/profile.interface.ts
💤 Files with no reviewable changes (2)
  • apps/lfx-one/src/app/modules/profile/developer/profile-developer.component.ts
  • apps/lfx-one/src/app/modules/profile/developer/profile-developer.component.html

Comment thread apps/lfx-one/src/app/modules/profile/profile.routes.ts Outdated
Comment thread apps/lfx-one/src/app/shared/components/header/header.component.ts
Address review comments from copilot[bot], coderabbitai:

- account-settings: scope "Copied!" state per token so copying one button no
  longer flips both (per coderabbitai, copilot[bot])
- account-settings: handle navigator.clipboard.writeText failure with an error
  toast (per coderabbitai, copilot[bot])
- account-settings: import DynamicDialogModule alongside DialogService
  (per copilot[bot])
- token-reveal-dialog: correct JSDoc to describe the wrapped, scrollable box
  (per copilot[bot])
- app.config: enable router anchorScrolling so #developer-settings scrolls
  (per coderabbitai)
- profile.routes: remove the legacy /profile/developer route;
  /settings#developer-settings is the single canonical location (per coderabbitai)

Resolves 6 review threads.

Signed-off-by: Fayaz G <5818912+fayazg@users.noreply.github.com>
@fayazg

fayazg commented Jun 29, 2026

Copy link
Copy Markdown
Contributor Author

Review Feedback Addressed

Commit: be835c0

Changes Made

  • account-settings: scoped the "Copied!" state per token (tokenCopied() holds 'v2' | 'v1' | null) so copying one button no longer flips both (per coderabbitai, copilot[bot])
  • account-settings: copyToken now catches navigator.clipboard.writeText failures and shows an error toast (per coderabbitai, copilot[bot])
  • account-settings: imported DynamicDialogModule alongside DialogService (per copilot[bot])
  • token-reveal-dialog: corrected the JSDoc to describe the wrapped, vertically-scrollable box (per copilot[bot])
  • app.config: enabled router anchorScrolling so /settings#developer-settings scrolls to the developer section (per coderabbitai)

Design Decision

  • profile.routes: removed the legacy /profile/developer route rather than maintaining a redirect — /settings#developer-settings is now the single canonical location, reached via the header "Developer Settings" link (per coderabbitai)

Threads Resolved

6 of 6 unresolved threads addressed in this iteration.

Copilot AI review requested due to automatic review settings June 29, 2026 22:10

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 12 out of 12 changed files in this pull request and generated no new comments.

Comments suppressed due to low confidence (1)

apps/lfx-one/src/app/modules/profile/profile.routes.ts:54

  • /profile/developer is removed, but there is no backward-compat redirect in the route table. This contradicts the PR description (“route now redirects to /settings”) and will make existing deep links/bookmarks 404.

Add a redirect entry for the removed route (absolute redirect is fine) so /profile/developer lands on Settings instead of breaking.

      // Backward-compat redirects for old URLs
      { path: 'overview', redirectTo: 'attribution' },
      { path: 'edit', redirectTo: 'attribution' },
      { path: 'affiliations', redirectTo: 'attribution' },
      { path: 'work-experience', redirectTo: 'attribution' },
      { path: 'identity-services', redirectTo: 'identities' },
      { path: 'badges', redirectTo: 'attribution' },
      { path: 'certificates', redirectTo: 'attribution' },
      { path: 'visibility', redirectTo: 'attribution' },
      { path: 'manage', redirectTo: 'attribution' },

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants