coder
diff --git a/‎cli/tokens.go
Lines changed: 7 additions & 2 deletions b/‎cli/tokens.go
Lines changed: 7 additions & 2 deletions
diff --git a/‎coderd/apidoc/docs.go
Lines changed: 44 additions & 2 deletions b/‎coderd/apidoc/docs.go
Lines changed: 44 additions & 2 deletions
diff --git a/‎coderd/apidoc/swagger.json
Lines changed: 40 additions & 2 deletions b/‎coderd/apidoc/swagger.json
Lines changed: 40 additions & 2 deletions
diff --git a/‎coderd/apikey.go
Lines changed: 43 additions & 3 deletions b/‎coderd/apikey.go
Lines changed: 43 additions & 3 deletions
diff --git a/‎coderd/coderd.go
Lines changed: 4 additions & 1 deletion b/‎coderd/coderd.go
Lines changed: 4 additions & 1 deletion
diff --git a/‎coderd/coderdtest/authorize.go
Lines changed: 4 additions & 0 deletions b/‎coderd/coderdtest/authorize.go
Lines changed: 4 additions & 0 deletions
diff --git a/‎coderd/users_test.go
Lines changed: 7 additions & 7 deletions b/‎coderd/users_test.go
Lines changed: 7 additions & 7 deletions
diff --git a/‎coderd/workspaceapps_test.go
Lines changed: 2 additions & 2 deletions b/‎coderd/workspaceapps_test.go
Lines changed: 2 additions & 2 deletions
diff --git a/‎codersdk/apikey.go
Lines changed: 19 additions & 5 deletions b/‎codersdk/apikey.go
Lines changed: 19 additions & 5 deletions
@@ -179,7 +179,7 @@ func listTokens() *cobra.Command {
 
 func removeToken() *cobra.Command {
 	cmd := &cobra.Command{
-		Use:     "remove [id]",
+		Use:     "remove [name]",
 		Aliases: []string{"rm"},
 		Short:   "Delete a token",
 		Args:    cobra.ExactArgs(1),
@@ -189,7 +189,12 @@ func removeToken() *cobra.Command {
 				return xerrors.Errorf("create codersdk client: %w", err)
 			}
 
-			err = client.DeleteAPIKey(cmd.Context(), codersdk.Me, args[0])
+			token, err := client.APIKeyByName(cmd.Context(), codersdk.Me, args[0])
+			if err != nil {
+				return xerrors.Errorf("delete api key: %w", err)
+			}
+
+			err = client.DeleteAPIKey(cmd.Context(), codersdk.Me, token.ID)
 			if err != nil {
 				return xerrors.Errorf("delete api key: %w", err)
 			}
 
@@ -152,16 +152,16 @@ func (api *API) postAPIKey(rw http.ResponseWriter, r *http.Request) {
 	httpapi.Write(ctx, rw, http.StatusCreated, codersdk.GenerateAPIKeyResponse{Key: cookie.Value})
 }
 
-// @Summary Get API key
-// @ID get-api-key
+// @Summary Get API key by ID
+// @ID get-api-key-by-id
 // @Security CoderSessionToken
 // @Produce json
 // @Tags Users
 // @Param user path string true "User ID, name, or me"
 // @Param keyid path string true "Key ID" format(uuid)
 // @Success 200 {object} codersdk.APIKey
 // @Router /users/{user}/keys/{keyid} [get]
-func (api *API) apiKey(rw http.ResponseWriter, r *http.Request) {
+func (api *API) apiKeyByID(rw http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 
 	keyID := chi.URLParam(r, "keyid")
@@ -186,6 +186,46 @@ func (api *API) apiKey(rw http.ResponseWriter, r *http.Request) {
 	httpapi.Write(ctx, rw, http.StatusOK, convertAPIKey(key))
 }
 
+// @Summary Get API key by token name
+// @ID get-api-key-by-name
+// @Security CoderSessionToken
+// @Produce json
+// @Tags Users
+// @Param user path string true "User ID, name, or me"
+// @Param keyname path string true "Key Name" format(string)
+// @Success 200 {object} codersdk.APIKey
+// @Router /users/{user}/keys/tokens/{keyname} [get]
+func (api *API) apiKeyByName(rw http.ResponseWriter, r *http.Request) {
+	var (
+		ctx       = r.Context()
+		user      = httpmw.UserParam(r)
+		tokenName = chi.URLParam(r, "keyname")
+	)
+
+	token, err := api.Database.GetAPIKeyByName(ctx, database.GetAPIKeyByNameParams{
+		TokenName: tokenName,
+		UserID:    user.ID,
+	})
+	if errors.Is(err, sql.ErrNoRows) {
+		httpapi.ResourceNotFound(rw)
+		return
+	}
+	if err != nil {
+		httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{
+			Message: "Internal error fetching API key.",
+			Detail:  err.Error(),
+		})
+		return
+	}
+
+	if !api.Authorize(r, rbac.ActionRead, token) {
+		httpapi.ResourceNotFound(rw)
+		return
+	}
+
+	httpapi.Write(ctx, rw, http.StatusOK, convertAPIKey(token))
+}
+
 // @Summary Get user tokens
 // @ID get-user-tokens
 // @Security CoderSessionToken
 
@@ -556,9 +556,12 @@ func New(options *Options) *API {
 						r.Route("/tokens", func(r chi.Router) {
 							r.Post("/", api.postToken)
 							r.Get("/", api.tokens)
+							r.Route("/{keyname}", func(r chi.Router) {
+								r.Get("/", api.apiKeyByName)
+							})
 						})
 						r.Route("/{keyid}", func(r chi.Router) {
-							r.Get("/", api.apiKey)
+							r.Get("/", api.apiKeyByID)
 							r.Delete("/", api.deleteAPIKey)
 						})
 					})
 
@@ -95,6 +95,10 @@ func AGPLRoutes(a *AuthTester) (map[string]string, map[string]RouteCheck) {
 			AssertObject: rbac.ResourceAPIKey,
 			AssertAction: rbac.ActionRead,
 		},
+		"GET:/api/v2/users/{user}/keys/tokens/{keyname}": {
+			AssertObject: rbac.ResourceAPIKey,
+			AssertAction: rbac.ActionRead,
+		},
 		"GET:/api/v2/workspacebuilds/{workspacebuild}": {
 			AssertAction: rbac.ActionRead,
 			AssertObject: workspaceRBACObj,
 
@@ -266,15 +266,15 @@ func TestPostLogin(t *testing.T) {
 		defer cancel()
 
 		split := strings.Split(client.SessionToken(), "-")
-		key, err := client.APIKey(ctx, admin.UserID.String(), split[0])
+		key, err := client.APIKeyByID(ctx, admin.UserID.String(), split[0])
 		require.NoError(t, err, "fetch login key")
 		require.Equal(t, int64(86400), key.LifetimeSeconds, "default should be 86400")
 
 		// tokens have a longer life
 		token, err := client.CreateToken(ctx, codersdk.Me, codersdk.CreateTokenRequest{})
 		require.NoError(t, err, "make new token api key")
 		split = strings.Split(token.Key, "-")
-		apiKey, err := client.APIKey(ctx, admin.UserID.String(), split[0])
+		apiKey, err := client.APIKeyByID(ctx, admin.UserID.String(), split[0])
 		require.NoError(t, err, "fetch api key")
 
 		require.True(t, apiKey.ExpiresAt.After(time.Now().Add(time.Hour*24*29)), "default tokens lasts more than 29 days")
@@ -356,7 +356,7 @@ func TestPostLogout(t *testing.T) {
 		defer cancel()
 
 		keyID := strings.Split(client.SessionToken(), "-")[0]
-		apiKey, err := client.APIKey(ctx, admin.UserID.String(), keyID)
+		apiKey, err := client.APIKeyByID(ctx, admin.UserID.String(), keyID)
 		require.NoError(t, err)
 		require.Equal(t, keyID, apiKey.ID, "API key should exist in the database")
 
@@ -385,7 +385,7 @@ func TestPostLogout(t *testing.T) {
 		}
 		require.True(t, found, "auth cookie should be returned")
 
-		_, err = client.APIKey(ctx, admin.UserID.String(), keyID)
+		_, err = client.APIKeyByID(ctx, admin.UserID.String(), keyID)
 		sdkErr := &codersdk.Error{}
 		require.ErrorAs(t, err, &sdkErr)
 		require.Equal(t, http.StatusUnauthorized, sdkErr.StatusCode(), "Expecting 401")
@@ -723,7 +723,7 @@ func TestUpdateUserPassword(t *testing.T) {
 
 		// Trying to get an API key should fail since our client's token
 		// has been deleted.
-		_, err = client.APIKey(ctx, user.UserID.String(), apikey1.Key)
+		_, err = client.APIKeyByID(ctx, user.UserID.String(), apikey1.Key)
 		require.Error(t, err)
 		cerr := coderdtest.SDKError(t, err)
 		require.Equal(t, http.StatusUnauthorized, cerr.StatusCode())
@@ -738,12 +738,12 @@ func TestUpdateUserPassword(t *testing.T) {
 
 		// Trying to get an API key should fail since all keys are deleted
 		// on password change.
-		_, err = client.APIKey(ctx, user.UserID.String(), apikey1.Key)
+		_, err = client.APIKeyByID(ctx, user.UserID.String(), apikey1.Key)
 		require.Error(t, err)
 		cerr = coderdtest.SDKError(t, err)
 		require.Equal(t, http.StatusNotFound, cerr.StatusCode())
 
-		_, err = client.APIKey(ctx, user.UserID.String(), apikey2.Key)
+		_, err = client.APIKeyByID(ctx, user.UserID.String(), apikey2.Key)
 		require.Error(t, err)
 		cerr = coderdtest.SDKError(t, err)
 		require.Equal(t, http.StatusNotFound, cerr.StatusCode())
 
@@ -438,7 +438,7 @@ func TestWorkspaceApplicationAuth(t *testing.T) {
 		// Get the current user and API key.
 		user, err := client.User(ctx, codersdk.Me)
 		require.NoError(t, err)
-		currentAPIKey, err := client.APIKey(ctx, firstUser.UserID.String(), strings.Split(client.SessionToken(), "-")[0])
+		currentAPIKey, err := client.APIKeyByID(ctx, firstUser.UserID.String(), strings.Split(client.SessionToken(), "-")[0])
 		require.NoError(t, err)
 
 		// Try to load the application without authentication.
@@ -500,7 +500,7 @@ func TestWorkspaceApplicationAuth(t *testing.T) {
 		apiKey := cookies[0].Value
 
 		// Fetch the API key.
-		apiKeyInfo, err := client.APIKey(ctx, firstUser.UserID.String(), strings.Split(apiKey, "-")[0])
+		apiKeyInfo, err := client.APIKeyByID(ctx, firstUser.UserID.String(), strings.Split(apiKey, "-")[0])
 		require.NoError(t, err)
 		require.Equal(t, user.ID, apiKeyInfo.UserID)
 		require.Equal(t, codersdk.LoginTypePassword, apiKeyInfo.LoginType)
 
@@ -121,8 +121,8 @@ func (c *Client) Tokens(ctx context.Context, userID string, filter TokensFilter)
 	return apiKey, json.NewDecoder(res.Body).Decode(&apiKey)
 }
 
-// APIKey returns the api key by id.
-func (c *Client) APIKey(ctx context.Context, userID string, id string) (*APIKey, error) {
+// APIKeyByID returns the api key by id.
+func (c *Client) APIKeyByID(ctx context.Context, userID string, id string) (*APIKey, error) {
 	res, err := c.Request(ctx, http.MethodGet, fmt.Sprintf("/api/v2/users/%s/keys/%s", userID, id), nil)
 	if err != nil {
 		return nil, err
@@ -135,9 +135,23 @@ func (c *Client) APIKey(ctx context.Context, userID string, id string) (*APIKey,
 	return apiKey, json.NewDecoder(res.Body).Decode(apiKey)
 }
 
-// DeleteAPIKey deletes API key by name.
-func (c *Client) DeleteAPIKey(ctx context.Context, userID string, name string) error {
-	res, err := c.Request(ctx, http.MethodDelete, fmt.Sprintf("/api/v2/users/%s/keys/%s", userID, name), nil)
+// APIKeyByName returns the api key by name.
+func (c *Client) APIKeyByName(ctx context.Context, userID string, name string) (*APIKey, error) {
+	res, err := c.Request(ctx, http.MethodGet, fmt.Sprintf("/api/v2/users/%s/keys/tokens/%s", userID, name), nil)
+	if err != nil {
+		return nil, err
+	}
+	defer res.Body.Close()
+	if res.StatusCode > http.StatusCreated {
+		return nil, ReadBodyAsError(res)
+	}
+	apiKey := &APIKey{}
+	return apiKey, json.NewDecoder(res.Body).Decode(apiKey)
+}
+
+// DeleteAPIKey deletes API key by id.
+func (c *Client) DeleteAPIKey(ctx context.Context, userID string, id string) error {
+	res, err := c.Request(ctx, http.MethodDelete, fmt.Sprintf("/api/v2/users/%s/keys/%s", userID, id), nil)
 	if err != nil {
 		return err
 	}