Extend job_token_allowed in API to accept array of accepted methods
Problem to solve
A while back, we added job_token_allowed: :basic_auth
, which makes the endpoint accept a CI job token, but only for basic auth. It is also possible to set job_token_allowed: true
, but then it supports all methods except basic auth.
See this discussion for more context !111751 (comment 1282437584)
Proposal
Make job_token_allowed
also accept an array of the accepted authentication options. Introduce an option :request
as a more descriptive alternative to true
:
# ONLY traditional job token headers
job_token_allowed: true
job_token_allowed: :request
# ONLY basic auth
job_token_allowed: true
# EITHER
job_token_allowed: [:request, :basic_auth]
The code snippet in !111751 (comment 1282455080) is almost there
Edited by Viktor Nagy (GitLab)