Skip to content

fix(keys): validation legacy keys post refacto#941

Merged
leoguillaume merged 3 commits into
mainfrom
716-bug-validation-keys
Jun 29, 2026
Merged

fix(keys): validation legacy keys post refacto#941
leoguillaume merged 3 commits into
mainfrom
716-bug-validation-keys

Conversation

@leoguillaume

@leoguillaume leoguillaume commented Jun 29, 2026

Copy link
Copy Markdown
Member

Overview

This PR fixes API key validation for existing keys that stopped working after the auth/keys refactor. Two issues were identified in the JWT expiration claim:

  1. The expiration field was renamed during key creation and decoding, from expires_at to expires.
  2. Some legacy keys contain an expiration date that does not match the one stored in the database. The refactor tightened key validation by adding a consistency check between the expiration date in the key and the one in the database. That check invalidated all affected legacy keys.

Changes

This PR fixes both issues:

  • Key validation falls back to the expires_at claim when expires is not present
  • Removal of the consistency check between the database expiration date and the one in the key
  • Added comments to remove these fixes after 2027-08-10, when all affected legacy keys will have expired
  • Added integration tests to verify legacy key support

Title suggestion: fix: legacy API key validation after auth/keys refactor

Breaking changes:

  • No breaking changes
  • This PR contains breaking changes (explain below)

Check lists

Review checklist

Before requesting a review, please take a moment to confirm that the following aspects have been considered and addressed. This section helps ensure the PR is ready for review, safe to merge, and deployable. If any items are left unchecked, please add a brief explanation for context.

  • Updated or added documentation
  • Updated or added unit tests
  • Updated or added integration tests
  • No debug logs or commented-out code left
  • No secrets or environment variables committed in clear text
  • Code is linted and formatted using the project pre-commit hooks

If api/sql/models.py has been modified, please confirm that the following steps have been completed:

  • Alembic migration has been generated
  • Alembic migration upgrade has been tested locally
  • Alembic migration downgrade has been tested locally

Deployment checklist

For each of the following items, please confirm if the PR concerns the deployment of the changes:

  • Alembic migration has been generated
  • Configuration file has been modified
  • Environment variables have been modified

If new or updated environment variables are required, please list them here, otherwise delete this part. If other special deployment steps are required, please describe them here, otherwise delete this part.

Additional Notes

Please provide any additional information or context that may be relevant to this PR, otherwise delete this part. This could be any specific areas you would like the reviewers to focus on during their review of this PR (complex logic, risky changes, performance-sensitive code, etc.)

@leoguillaume leoguillaume self-assigned this Jun 29, 2026
@leoguillaume leoguillaume changed the title 716 bug validation keys fix(keys): validation legacy keys post refacto Jun 29, 2026
@leoguillaume leoguillaume merged commit 9ec7894 into main Jun 29, 2026
@leoguillaume leoguillaume deleted the 716-bug-validation-keys branch June 29, 2026 15:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant