feat(profile): add developer settings page with API token display

Create comprehensive developer settings page accessible via user menu.
Features secure API token display with masking, copy functionality, and
proper authentication. Includes responsive table design and security
guidelines for developers.

Key features:
- Real-time API token retrieval from OIDC bearer token
- Token masking with fixed-width display for better UX
- One-click copy to clipboard with toast notifications
- Security best practices documentation
- Responsive table layout with consistent styling

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
Signed-off-by: Jordan Evans <jevans@linuxfoundation.org>

Author: jordane

apps/lfx-one/src/app/modules/profile/developer/profile-developer.component.html

@@ -0,0 +1,102 @@
+<!-- Copyright The Linux Foundation and each contributor to LFX. -->
+<!-- SPDX-License-Identifier: MIT -->
+
+<div class="container mx-auto pb-8">
+  <!-- Developer Settings Info Banner -->
+  <lfx-message severity="info" icon="fa-light fa-code" styleClass="mb-6" title="Developer API Access">
+    <ng-template #content>
+      <div class="flex flex-col gap-1">
+        <p class="text-sm">
+          Your API token provides programmatic access to LFX services. Keep this token secure and never share it publicly.
+        </p>
+      </div>
+    </ng-template>
+  </lfx-message>
+
+  <div class="flex flex-col gap-6">
+    <!-- API Token Section -->
+    <lfx-card>
+      <div class="flex flex-col gap-6">
+        <div>
+          <h3 class="text-base font-medium text-gray-900" data-testid="developer-token-heading">API Token</h3>
+          <p class="text-sm text-gray-500 mt-1">Your personal access token for API authentication</p>
+        </div>
+
+        @if (isLoading()) {
+          <div class="flex items-center justify-center py-4" data-testid="developer-token-loading">
+            <i class="fa-light fa-circle-notch fa-spin text-2xl text-blue-400"></i>
+            <span class="ml-3 text-gray-600">Loading token...</span>
+          </div>
+        } @else {
+          <div class="space-y-4">
+            <div class="overflow-x-auto">
+              <table class="min-w-full divide-y divide-gray-200">
+                <thead class="bg-gray-50">
+                  <tr>
+                    <th scope="col" class="px-6 py-3 text-left text-xs font-medium text-gray-500 uppercase tracking-wider">Token</th>
+                    <th scope="col" class="relative px-6 py-3">
+                      <span class="sr-only">Actions</span>
+                    </th>
+                  </tr>
+                </thead>
+                <tbody class="bg-white divide-y divide-gray-200">
+                  <tr>
+                    <td class="px-6 py-4 whitespace-nowrap">
+                      <div class="flex items-center">
+                        <div class="flex-shrink-0">
+                          <i class="fa-light fa-key text-gray-400"></i>
+                        </div>
+                        <div class="ml-3">
+                          <div class="text-sm font-mono text-gray-900" data-testid="api-token-display">
+                            {{ maskToken() ? maskedToken() : apiToken() }}
+                          </div>
+                          <div class="text-xs text-gray-500">Personal Access Token</div>
+                        </div>
+                      </div>
+                    </td>
+                    <td class="px-6 py-4 whitespace-nowrap text-right text-sm font-medium space-x-2">
+                      <button
+                        type="button"
+                        (click)="toggleTokenVisibility()"
+                        class="text-blue-600 hover:text-blue-800 transition-colors"
+                        [attr.data-testid]="'token-visibility-toggle'"
+                        [attr.aria-label]="maskToken() ? 'Show token' : 'Hide token'">
+                        <i [class]="maskToken() ? 'fa-light fa-eye' : 'fa-light fa-eye-slash'" class="text-sm"></i>
+                      </button>
+                      <button
+                        type="button"
+                        (click)="copyToken()"
+                        class="text-blue-600 hover:text-blue-800 transition-colors"
+                        data-testid="copy-token-button"
+                        aria-label="Copy token to clipboard">
+                        <i class="fa-light fa-copy text-sm"></i>
+                      </button>
+                    </td>
+                  </tr>
+                </tbody>
+              </table>
+            </div>
+
+            <!-- Token Usage Guidelines -->
+            <div class="bg-amber-50 border border-amber-200 rounded-lg p-4">
+              <div class="flex">
+                <div class="flex-shrink-0">
+                  <i class="fa-light fa-exclamation-triangle text-amber-600"></i>
+                </div>
+                <div class="ml-3">
+                  <h4 class="text-sm font-medium text-amber-800">Security Guidelines</h4>
+                  <div class="mt-2 text-sm text-amber-700">
+                    <ul class="list-disc list-inside space-y-1">
+                      <li>This token is short-lived and automatically regenerated by the system</li>
+                      <li>Never commit this token to version control</li>
+                    </ul>
+                  </div>
+                </div>
+              </div>
+            </div>
+          </div>
+        }
+      </div>
+    </lfx-card>
+  </div>
+</div>

apps/lfx-one/src/app/modules/profile/developer/profile-developer.component.ts

@@ -0,0 +1,100 @@
+// Copyright The Linux Foundation and each contributor to LFX.
+// SPDX-License-Identifier: MIT
+
+import { CommonModule } from '@angular/common';
+import { Component, computed, inject, OnInit, signal } from '@angular/core';
+import { CardComponent } from '@shared/components/card/card.component';
+import { MessageComponent } from '@shared/components/message/message.component';
+import { UserService } from '@shared/services/user.service';
+import { MessageService } from 'primeng/api';
+import { ToastModule } from 'primeng/toast';
+import { finalize } from 'rxjs';
+
+@Component({
+  selector: 'lfx-profile-developer',
+  standalone: true,
+  imports: [CommonModule, CardComponent, MessageComponent, ToastModule],
+  providers: [MessageService],
+  templateUrl: './profile-developer.component.html',
+})
+export class ProfileDeveloperComponent implements OnInit {
+  private readonly userService = inject(UserService);
+  private readonly messageService = inject(MessageService);
+
+  // State signals
+  private readonly loadingSignal = signal<boolean>(false);
+  private readonly apiTokenSignal = signal<string>('');
+
+  public readonly isLoading = computed(() => this.loadingSignal());
+  public readonly apiToken = computed(() => this.apiTokenSignal());
+
+  // Token visibility toggle
+  public maskToken = signal<boolean>(true);
+
+  // Computed masked token
+  public readonly maskedToken = computed(() => {
+    const token = this.apiToken();
+    if (!token) return '';
+    if (token.length <= 8) return '*'.repeat(token.length);
+    // Show first 4 chars + fixed number of asterisks + last 4 chars for better UX
+    return token.substring(0, 4) + '••••••••••••' + token.substring(token.length - 4);
+  });
+
+  public ngOnInit(): void {
+    this.loadTokenData();
+  }
+
+  public toggleTokenVisibility(): void {
+    this.maskToken.set(!this.maskToken());
+  }
+
+  public async copyToken(): Promise<void> {
+    const token = this.apiToken();
+    if (!token) {
+      this.messageService.add({
+        severity: 'warn',
+        summary: 'No Token',
+        detail: 'No API token available to copy.',
+      });
+      return;
+    }
+
+    try {
+      await navigator.clipboard.writeText(token);
+      this.messageService.add({
+        severity: 'success',
+        summary: 'Copied',
+        detail: 'API token copied to clipboard successfully.',
+      });
+    } catch (error) {
+      console.error('Failed to copy token:', error);
+      this.messageService.add({
+        severity: 'error',
+        summary: 'Copy Failed',
+        detail: 'Failed to copy token to clipboard. Please try again.',
+      });
+    }
+  }
+
+  private loadTokenData(): void {
+    this.loadingSignal.set(true);
+
+    this.userService
+      .getDeveloperTokenInfo()
+      .pipe(finalize(() => this.loadingSignal.set(false)))
+      .subscribe({
+        next: (tokenInfo) => {
+          this.apiTokenSignal.set(tokenInfo.token);
+        },
+        error: (error) => {
+          console.error('Failed to load developer token:', error);
+          this.apiTokenSignal.set('Error loading token');
+          this.messageService.add({
+            severity: 'error',
+            summary: 'Token Error',
+            detail: 'Failed to load API token. Please refresh the page.',
+          });
+        },
+      });
+  }
+}

apps/lfx-one/src/app/modules/profile/profile.routes.ts

@@ -16,4 +16,8 @@ export const PROFILE_ROUTES: Routes = [
     path: 'email',
     loadComponent: () => import('./email/profile-email.component').then((m) => m.ProfileEmailComponent),
   },
+  {
+    path: 'developer',
+    loadComponent: () => import('./developer/profile-developer.component').then((m) => m.ProfileDeveloperComponent),
+  },
 ];

apps/lfx-one/src/app/shared/components/header/header.component.ts

@@ -57,7 +57,7 @@ export class HeaderComponent {
     {
       label: 'Developer Settings',
       icon: 'fa-light fa-cog',
-      target: '_blank',
+      routerLink: '/profile/developer',
     },
     {
       separator: true,

apps/lfx-one/src/app/shared/services/user.service.ts

@@ -123,4 +123,11 @@ export class UserService {
   public getTwoFactorSettings(): Observable<TwoFactorSettings> {
     return this.http.get<TwoFactorSettings>('/api/profile/2fa-settings').pipe(take(1));
   }
+
+  /**
+   * Get developer token information
+   */
+  public getDeveloperTokenInfo(): Observable<{ token: string; type: string }> {
+    return this.http.get<{ token: string; type: string }>('/api/profile/developer').pipe(take(1));
+  }
 }

apps/lfx-one/src/server/controllers/profile.controller.ts

@@ -598,4 +598,59 @@ export class ProfileController {
       next(error);
     }
   }
+
+  /**
+   * GET /api/profile/developer - Get current user's developer token information
+   */
+  public async getDeveloperTokenInfo(req: Request, res: Response, next: NextFunction): Promise<void> {
+    const startTime = Logger.start(req, 'get_developer_token_info');
+
+    try {
+      // Get user ID from auth context
+      const userId = await getUsernameFromAuth(req);
+
+      if (!userId) {
+        Logger.error(req, 'get_developer_token_info', startTime, new Error('User not authenticated or user ID not found'));
+
+        const validationError = ServiceValidationError.forField('user_id', 'User authentication required', {
+          operation: 'get_developer_token_info',
+          service: 'profile_controller',
+          path: req.path,
+        });
+
+        return next(validationError);
+      }
+
+      // Extract the bearer token from the request (set by auth middleware)
+      const bearerToken = req.bearerToken;
+
+      if (!bearerToken) {
+        Logger.error(req, 'get_developer_token_info', startTime, new Error('No bearer token available'));
+
+        const validationError = ServiceValidationError.forField('token', 'No API token available for user', {
+          operation: 'get_developer_token_info',
+          service: 'profile_controller',
+          path: req.path,
+        });
+
+        return next(validationError);
+      }
+
+      // Return token information
+      const tokenInfo = {
+        token: bearerToken,
+        type: 'Bearer',
+      };
+
+      Logger.success(req, 'get_developer_token_info', startTime, {
+        user_id: userId,
+        token_length: bearerToken.length,
+      });
+
+      res.json(tokenInfo);
+    } catch (error) {
+      Logger.error(req, 'get_developer_token_info', startTime, error);
+      next(error);
+    }
+  }
 }

apps/lfx-one/src/server/routes/profile.route.ts

@@ -43,4 +43,7 @@ router.get('/email-preferences', (req, res, next) => profileController.getEmailP
 // PUT /api/profile/email-preferences - Update user email preferences
 router.put('/email-preferences', (req, res, next) => profileController.updateEmailPreferences(req, res, next));
 
+// GET /api/profile/developer - Get current user's developer token information
+router.get('/developer', (req, res, next) => profileController.getDeveloperTokenInfo(req, res, next));
+
 export default router;