Admin Token API: Identify GitLab sessions

Proposal

The Admin Token API allows getting information about arbitrary tokens. It can be used to identify what a token does, e.g. in the context of leaked tokens.

It currently lacks support for _gitlab_sessions for identification, as well as revocation. See the current implementation status.

POST /api/v4/admin/token

Should return information about the user that the _gitlab_session is associated with:

{
	"id": 1,
	"username": "root",
	"name": "Administrator",
	"state": "active",
	"locked": false,
...
}

References