docs: GitLab Duo requires api/read_user token scope
Description
GitLab Duo Code Suggestions/Chat, and the underlying Language Server, require the personal access token scope api
and read_user
The documentation generally requires api
for all GitLab interactions. This MR adds a note specifically for GitLab Duo, documenting the different token scopes.
Related Issues
How has this been tested?
Customer feedback
When we tested with VS Code 1.90, it has asked for
read_user
scope as well.
Slack discussion with @erran (internal) https://gitlab.slack.com/archives/C058YCHP17C/p1718729813400579
for now we should fix the docs to mention
api
andread_user
for now since that is what the GitLab Language Server validates on the client-side as a pre-flight check.Dylan opened gitlab-org/gitlab#463862 recently after closing gitlab-org/gitlab#455023 which argued that ai_features should be sufficient for Duo functionality.
read_user
scope doesn't add any additional permissions sinceapi
grants the token all the things. In the future we want to supportread_user
andai_features
among other more fine-grained tokens rather than needingread_api
orapi
level permissions.
Screenshots (if appropriate)
What CHANGELOG entry will this MR create?
-
fix:
Bug fix fixes - a user-facing issue in production - included in changelog -
feature:
New feature - a user-facing change which adds functionality - included in changelog -
BREAKING CHANGE:
(fix or feature that would cause existing functionality to change) - should bump major version, mentioned in the changelog -
None - other non-user-facing changes