Frontend: Remove ability to toggle secure JWT token feature on/off (on as default behavior)
Summary
There are three methods to use a JSON web token:
- old method using the CI_JOB_JWT (secrets: keyword)
- Alpha version using the CI_JOB_JWT_V2
- Production-ready OIDC using the following syntax
```yaml
auth_job:
  secrets:
    VAULT_JWT_1:
      id_token:
        aud: 'devs'
    STAGING_DATABASE_PASSWORD: # VAULT_JWT_1 is the token to be used
      vault: staging/db/password@ops
```
To use the production-ready OIDC, a project setting was introduced to avoid having a breaking change: by default it should behave more securely with new projects without breaking compatibility with existing projects.
Proposal
- Always use the feature as if the setting is enabled (3rd option), also for existing projects that have this feature disabled
- Remove the ability to toggle this feature on/off, leaving the ability to add/remove projects to the job token scope
Note: There may be some additional backend work needed here but the intention for this issue is only frontend efforts for now.
Additional details
Some relevant technical details, if applicable, such as:
- Does this need a feature flag?
- Is there an example response showing the data structure that should be returned (new endpoints only)?
- What permissions should be used?
- Is this EE or CE?
  - EE
  - CE
- Additional comments:
Implementation Table
| Group | Issue Link |
|---|---|
| frontend | |
| backend | TBD |