New endpoint to return token associations
Proposal
At Security Operations, we developed our own in-house tool, Token Scoper, to analyse token associations (group and project memberships) in order to speed up the response to leaked PAT incidents and assess impact more efficiently. As part of our dogfooding efforts within the division, we want to integrate Token Scoper into the product. This can be done by creating a new API endpoint that would return the same information Token Scoper would for a given personal / project / group access token.
The new endpoint would live at /personal_access_tokens/self/associations
and would return something like this:
    {
      "projects": [
        { "name": "aaaa", "id": 123, "namespace": "aaag", "web_url": "https://aaaa" },
        { "name": "bbbb", "id": 234, "namespace": "bbbg", "web_url": "https://bbbb" }
      ],
      "groups": [
        { "name": "cccc", "id": 345, "parent": "cccg", "organization": "ccco", "web_url": "https://ccc" }
      ]
    }
We also want to include some sort of filter on permission levels, so that it only returns entries above a certain permission level.
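A sketch of how the permission-level filter could behave when triaging a leaked token, as an added example that is not code from Token Scoper or from the product. It assumes each entry carries a numeric `access_level` field (not part of the proposed response above) and that the filter keeps entries at or above the threshold; the function names are hypothetical and the sample data is constructed.

```python
import json

# GitLab's documented numeric access levels.
ACCESS_LEVELS = {"guest": 10, "reporter": 20, "developer": 30,
                 "maintainer": 40, "owner": 50}

# Constructed sample in the proposed response shape. The "access_level"
# field is an assumption: the proposal does not define how the level is exposed.
SAMPLE = json.loads("""
{
  "projects": [
    {"name": "aaaa", "id": 123, "namespace": "aaag", "web_url": "https://aaaa", "access_level": 40},
    {"name": "bbbb", "id": 234, "namespace": "bbbg", "web_url": "https://bbbb", "access_level": 20}
  ],
  "groups": [
    {"name": "cccc", "id": 345, "parent": "cccg", "organization": "ccco", "web_url": "https://ccc", "access_level": 50}
  ]
}
""")

def filter_associations(associations, min_level):
    """Keep entries whose access level is at or above min_level (assumed semantics).

    Entries with a missing or non-integer level are reported separately under
    "unknown_level", so a malformed record never silently drops out of an
    impact assessment.
    """
    threshold = ACCESS_LEVELS[min_level.lower()]
    result = {"projects": [], "groups": [], "unknown_level": []}
    for kind in ("projects", "groups"):
        for entry in associations.get(kind, []):
            level = entry.get("access_level")
            if not isinstance(level, int) or isinstance(level, bool):
                result["unknown_level"].append((kind, entry.get("id")))
            elif level >= threshold:
                result[kind].append(entry)
    return result

def triage_order(associations):
    """Flatten projects and groups, highest access level first."""
    rows = [(e["access_level"], kind, e["id"], e["web_url"])
            for kind in ("projects", "groups") for e in associations[kind]]
    return sorted(rows, key=lambda r: (-r[0], r[1], r[2]))

if __name__ == "__main__":
    for row in triage_order(filter_associations(SAMPLE, "developer")):
        print(row)
```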