Admin Token API: Runner Authentication Tokens

Proposal

The Admin Token API allows getting information about arbitrary tokens. It can be used e.g. in the context of leaked tokens, to identify what a token does.

It currently lacks support for Runner Authentication Tokens for identification, as well as revocation. See the current implementation status.

POST /api/v4/admin/token

Should return information about the runner that the token is associated with:

{
	"id": 32,
	"description": "test",
	"ip_address": null,
	"active": true,
	"paused": false,
	"is_shared": true,
	"runner_type": "instance_type",
	"name": null,
	"online": null,
	"status": "never_contacted"
}

References

&15777
#443597 (closed)

Implementation

Support for identification
Support for revocation

Edited Dec 10, 2024 by Nicholas Wittstruck