Admin Token API: Revoke Feature Flags Client token

Proposal

The Admin Token API allows revoking arbitrary tokens. It can be used to identify what a token does, e.g. in the context of leaked tokens, and revoke it.

It currently lacks support to revoke feature flag client tokens. See the current implementation status. Identification is already supported.

Feature flag client tokens can only be resetted, not revoked.

feature_flags_client.reset_token!

Therefore, the following request should reset the token and return a 204.

DELETE /api/v4/admin/token

{"token": "glffct-..."}

Afterwards, retrieving the token should fail, because the token has been resetted.

References

• &15777
• https://docs.gitlab.com/ee/api/admin/token.html