Request OAuth access token using PKCE authorization flow in the Web IDE
Problem statement
In order to enable the extensions Marketplace and the Settings Sync feature in the Web IDE, we need to implement an OAuth authorization code flow to authenticate and authorize API requests.
Proposal
Implement an OAuth PKCE authorization code flow in the Web IDE Rails controller. The Web IDE will rely on creating a "trusted OAuth application" in the GitLab instance to bypass the user authorization step of the OAuth flow.
```mermaid
sequenceDiagram
    actor A as User
    box GitLab realm
        participant B as IDEController
        participant C as GitLab OAuth identity provider
        participant D as SecretsStorageProvider
    end
    A->>B: opens Web IDE
    activate C
    B->>C: request authorization code
    C-->>B: authorization code
    B->>C: request access token
    C-->>B: access token + refresh token
    B->>D: Pass access token, scope and account info
    deactivate C
```
Edited by Enrique Alcántara