add allowlist

Author: sentaur-athena

src/sentry/api/authentication.py

@@ -5,6 +5,7 @@
 from collections.abc import Callable, Iterable
 from typing import Any, ClassVar
 
+import sentry_sdk
 from django.conf import settings
 from django.contrib.auth.models import AnonymousUser
 from django.urls import resolve
@@ -19,7 +20,6 @@
 from rest_framework.exceptions import AuthenticationFailed
 from rest_framework.request import Request
 from sentry_relay.exceptions import UnpackError
-import sentry_sdk
 
 from sentry import options
 from sentry.auth.services.auth import AuthenticatedToken
@@ -443,9 +443,11 @@ def authenticate_token(self, request: Request, token_str: str) -> tuple[Any, Any
                         raise AuthenticationFailed("Unauthorized organization access.")
                 else:
                     # We want to limit org scoped tokens access to org level endpoints only
-                    raise AuthenticationFailed(
-                        "This token access is limited to organization endpoints."
-                    )
+                    # Or none org level endpoints that we added special treatments for
+                    if resolved_url.url_name not in ["sentry-api-0-organizations"]:
+                        raise AuthenticationFailed(
+                            "This token access is limited to organization endpoints."
+                        )
             else:
                 sentry_sdk.capture_message(
                     "Could not resolve organization for organization scoped token", level="warning"