Skip to content

feat(coderd): filter expired API tokens server-side#22263

Merged
kacpersaw merged 6 commits intomainfrom
kacpersaw/server-side-token-filtering
Feb 24, 2026
Merged

feat(coderd): filter expired API tokens server-side#22263
kacpersaw merged 6 commits intomainfrom
kacpersaw/server-side-token-filtering

Conversation

@kacpersaw
Copy link
Contributor

@kacpersaw kacpersaw commented Feb 23, 2026

Summary

Moves expired token filtering from client-side to server-side by adding an include_expired parameter to the GetAPIKeysByLoginType and GetAPIKeysByUserID database queries. This is more efficient for large deployments with many expired/short-lived tokens.

Changes

  • Add include_expired parameter to SQL queries using OR short-circuit
  • Add include_expired query parameter to GET /users/{user}/keys/tokens
  • Add IncludeExpired field to codersdk.TokensFilter
  • Remove client-side filtering from CLI tokens list command
  • Add TestTokensFilterExpired test

Fixes coder/internal#1357

@kacpersaw
feat(coderd): filter expired API tokens server-side
34f3fc4 
Moves expired token filtering from client-side to server-side by adding
an include_expired parameter to the GetAPIKeysByLoginType and
GetAPIKeysByUserID database queries. This is more efficient for large
deployments with many expired/short-lived tokens.

Changes:
- Add include_expired parameter to SQL queries using OR short-circuit
- Add include_expired query parameter to GET /users/{user}/keys/tokens
- Add IncludeExpired field to codersdk.TokensFilter
- Remove client-side filtering from CLI tokens list command
- Add TestTokensFilterExpired test

Fixes coder/internal#1357
@kacpersaw
fix: address CI failures in Go fmt and TypeScript callers
6bd0ff9 
- Fix Go formatting alignment in coderd/apikey.go
- Add include_expired to frontend TokensFilter callers
- Pass include_expired through hooks to API
@kacpersaw
fix: add IncludeExpired to TestDeleteExpiredAPIKeys queries
eea19aa
@kacpersaw
fix: format hooks.ts for biome
7c5783b
@kacpersaw kacpersaw marked this pull request as ready for review February 24, 2026 14:02
@kacpersaw kacpersaw requested a review from johnstcn February 24, 2026 14:02
@coder-tasks
Copy link
Contributor

coder-tasks bot commented Feb 24, 2026
edited
Loading

Documentation Check

Updates Needed

  • docs/admin/users/sessions-tokens.md - Updated to state expired tokens are hidden by default and added --include-expired flag example.

New Documentation Needed

  • coderd/apikey.go (Swagger annotation) - Added @Param include_expired query bool false "Include expired tokens in the list" annotation; docs/reference/api/users.md now documents the new query parameter.

Automated review via Coder Tasks

johnstcn
johnstcn approved these changes Feb 24, 2026
View reviewed changes
Copy link
Member

@johnstcn johnstcn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work!

@kacpersaw kacpersaw enabled auto-merge (squash) February 24, 2026 14:52
@kacpersaw kacpersaw merged commit 1e27406 into main Feb 24, 2026
90 of 98 checks passed
@kacpersaw kacpersaw deleted the kacpersaw/server-side-token-filtering branch February 24, 2026 15:27
@github-actions github-actions bot locked and limited conversation to collaborators Feb 24, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@johnstcn johnstcn johnstcn approved these changes

Assignees

@kacpersaw kacpersaw

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Add the capability to filter API tokens server-side

2 participants

@kacpersaw @johnstcn