[BE] GraphQL: Secure gitlab.com to customers-dot proxy
The current gitlab.com to customers-dot graphql proxy works fine for unauthenticated resources but we need a way to securely access customer-dot resources from gitlab.com. I can think of two possible solutions:
Reuse email and token?
Can we use the customer email and token like we do here? We might be able to just attach the headers to the payload here?
Don't reauth
Since we control both gitlab.com and customers-dot and the user is presumably already authed on gitlab.com we shouldn't need to reauth on customers-dot. Can we just attach the current logged in gitlab.com user id at the gitlab.com proxy controller level and secure the api between them via SSL? Whitelist? Can we just reuse the admin token?
Edited by Michael Lunøe