Unify all GitLab tokens into a single implementation
Problem to solve
Currently GitLab utilizes a wide variety of tokens:
- Personal Access Tokens
- Deploy Tokens
- CI Job Tokens
- Group Access Tokens
- Project Access Tokens
- OAuth tokens
These tokens are all handled slightly differently, with different permissions, scopes, authentication methods, and more. Further, they are all stored in their own separate tables, which means that there can be collisions between tokens of different types.
Proposal
We should try to standardize on a single token type, and simply extend the scopes and rights system so that it supports all of the existing tokens we have today. This would significantly simplify the authentication architecture within GitLab, allow us to focus on improving a single token, and ultimately go faster.
Further, if we standardized on an OAuth token for these token types, we could improve our support for NPM: https://gitlab.com/gitlab-org/gitlab-ee/issues/9140#note_133520809