upcoming, change: [M3-7524] - Add child_account OAuth scope to Create and View PAT drawers #9992

Merged

@mjac0bs mjac0bs commented Dec 12, 2023

Description 📝

New Scope:
Introduce a new OAuth scope named "child_account" for all users, but visible only to "Parent" accounts. As per API spec: its purpose is to allow Parent Account Users with the child_account_access grant to specify a Token with less permission than their User, i.e. a Token that is unable to list and/or create Tokens for the Child Account(s).

Token Configuration:
Default all scopes to none for users. Users should enable scopes as needed, contrary to having the initial state set to read_write.

Changes 🔄

  • In the Create PAT drawer, a new "Child Account Access" scope is visible for parent users.
  • In the View PAT drawer, a new "Child Account Access" scope is visible for parent users.

Preview 📷

[Before / After screenshots]

How to test 🧪

Prerequisites

(How to set up test environment)

  • Check out this PR and yarn dev.
  • In the dev tools:
    • Make sure the Parent/Child Account Switching feature flag is on.
    • Turn mocks on.

Verification steps

(How to verify changes)

  • Go to http://localhost:3000/profile/tokens and click the Create a Personal Access Token button.
  • Observe that "Child Account Access" is visible as a new scope and all scopes default to None.
  • On the tokens landing page, click the View Scope button for any mock PAT.
  • Observe that the "Child Account Access" scope is visible in the table.
  • Toggle the feature flag off and observe that the Child Account Access token is not visible in the Create or View drawers and all scopes default to Read/Write.
  • Toggle the feature flag back on.
  • Go to serverHandler.ts and edit the following request to change the user_type to null, child, or proxy:
  rest.get('*/account/users/:user', (req, res, ctx) => {
    // Parent/Child: switch the `user_type` depending on what account view you need to mock.
    return res(ctx.json(accountUserFactory.build({ user_type: 'parent' })));
  }),
  • Observe that the Child Account Access token is not visible in the Create or View drawers.
  • Verify tests pass:
yarn test utils CreateAPITokenDrawer ViewAPITokenDrawer

As an Author I have considered 🤔

Check all that apply

  • 👀 Doing a self review
  • ❔ Our contribution guidelines
  • 🤏 Splitting feature into small PRs
  • ➕ Adding a changeset
  • 🧪 Providing/Improving test coverage
  • 🔐 Removing all sensitive information from the code and PR description
  • 🚩 Using a feature flag to protect the release
  • 👣 Providing comprehensive reproduction steps
  • 📑 Providing or updating our documentation
  • 🕛 Scheduling a pair reviewing session
  • 📱 Providing mobile support
  • ♿ Providing accessibility support
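
The scope rules described and tested above, as an added TypeScript example (not code from this PR or from Cloud Manager). The function names, the `PatContext` shape, the four-scope list and the `read_only` level are assumptions; `sanitizeSelection` goes beyond the PR by dropping any scope the drawer would not show before a token request is built.

```typescript
// Added example: hypothetical names, not Cloud Manager's own code.
type PatUserType = 'parent' | 'child' | 'proxy' | null;
type PatAccess = 'none' | 'read_only' | 'read_write';

interface PatContext {
  parentChildFlag: boolean; // Parent/Child Account Switching feature flag
  userType: PatUserType;    // user_type returned for the current user
}

// Constructed subset of scopes; child_account is the one this PR adds.
const PAT_SCOPES = ['account', 'child_account', 'domains', 'linodes'] as const;
type PatScope = (typeof PAT_SCOPES)[number];

// child_account is shown only to parent users, and only behind the flag.
function visibleScopes(ctx: PatContext): PatScope[] {
  const showChild = ctx.parentChildFlag && ctx.userType === 'parent';
  return PAT_SCOPES.filter((s) => s !== 'child_account' || showChild);
}

// Flag on: every scope starts at none. Flag off: previous read_write default.
function defaultAccess(ctx: PatContext): PatAccess {
  return ctx.parentChildFlag ? 'none' : 'read_write';
}

// Initial form state for the Create PAT drawer.
function initialDrawerState(ctx: PatContext): Record<string, PatAccess> {
  const state: Record<string, PatAccess> = {};
  visibleScopes(ctx).forEach((s) => { state[s] = defaultAccess(ctx); });
  return state;
}

// Assumption beyond the PR: before building a token request, drop scopes the
// user could not see and scopes left at none, so hidden state is never sent.
function sanitizeSelection(
  ctx: PatContext,
  selected: Record<string, PatAccess>
): Record<string, PatAccess> {
  const allowed: string[] = visibleScopes(ctx);
  const out: Record<string, PatAccess> = {};
  Object.keys(selected).forEach((scope) => {
    const access = selected[scope];
    if (access !== undefined && access !== 'none' && allowed.indexOf(scope) !== -1) {
      out[scope] = access;
    }
  });
  return out;
}
```

Hiding a scope in the drawer only affects what the client offers; which scopes a user may actually put on a token is decided by the API.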

@mjac0bs mjac0bs force-pushed the M3-7411-add-new-oauth-scope-to-new-endpoints branch from 70f1a49 to adb0d02 Compare December 13, 2023 23:38
@mjac0bs mjac0bs changed the title upcoming: [M3-7411] - Add child_account OAuth scope to Create and View PAT drawers upcoming: [M3-7524] - Add child_account OAuth scope to Create and View PAT drawers Dec 18, 2023
@mjac0bs mjac0bs added UX/UI Changes for UI/UX to review and removed Work in Progress labels Dec 18, 2023
@mjac0bs mjac0bs marked this pull request as ready for review December 18, 2023 23:05
@mjac0bs mjac0bs requested a review from a team as a code owner December 18, 2023 23:05
@mjac0bs mjac0bs requested review from cpathipa, coliu-akamai and tyler-akamai and removed request for a team December 18, 2023 23:05

@jaalah-akamai jaalah-akamai left a comment

Approving pending some revisions - I was able to test everything as listed and the tests passed ✅

tyler-akamai commented Dec 19, 2023

Verified:

  • The "Child Account Access" is visible as a new scope and all scopes default to None.
  • The "Child Account Access" scope is visible in the table.
  • The Child Account Access token is not visible in the Create or View drawers and all scopes default to Read/Write when feature flag is turned off
  • The Child Account Access token is not visible in the Create or View drawers after making the code change
  • yarn test utils CreateAPITokenDrawer ViewAPITokenDrawer passes
  • General code review

LGTM 🚀

github-actions bot commented Dec 19, 2023

Coverage Report:
Base Coverage: 78.07%
Current Coverage: 78.07%

@mjac0bs mjac0bs changed the title upcoming: [M3-7524] - Add child_account OAuth scope to Create and View PAT drawers upcoming, changed: [M3-7524] - Add child_account OAuth scope to Create and View PAT drawers Dec 19, 2023
@mjac0bs mjac0bs changed the title upcoming, changed: [M3-7524] - Add child_account OAuth scope to Create and View PAT drawers upcoming, change: [M3-7524] - Add child_account OAuth scope to Create and View PAT drawers Dec 19, 2023
@mjac0bs mjac0bs added Approved Multiple approvals and ready to merge! and removed UX/UI Changes for UI/UX to review labels Dec 20, 2023
@mjac0bs mjac0bs merged commit d5ed30b into linode:develop Dec 20, 2023
18 checks passed