[FE] Move broad access PATs form to new page and improve scope grouping
Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.
Summary
As part of introducing fine-grained Personal Access Tokens (PATs), we need to improve the user experience for broad access PATs by moving the form to a dedicated page and enhancing the scope grouping and information presentation.
Proposal
We will introduce fine-grained PATs in a new form and need to make consistency updates to the UX of broad access PATs, including:
Core Changes
- Move form to new page: Create a dedicated page for broad access PAT creation/management
- Group related permissions: Organize scopes into logical groups for better usability
- Move description to information section: Align with other token permission patterns across GitLab
- Add API scope warning: Alert users when they select full API scope
- Suggest fine-grained tokens: Recommend fine-grained tokens as a more secure alternative
Problem Statement
Currently, the broad access PAT creation experience:
- Lives in the CRUD table
- Has ungrouped scope selections that can be overwhelming
- Lacks clear warnings about overly broad permissions
- Doesn't guide users toward more secure alternatives
Goals
- Improve Security Awareness: Help users understand the implications of broad access tokens
- Enhance Usability: Make scope selection more intuitive through logical grouping
- Promote Best Practices: Guide users toward fine-grained tokens when appropriate
- Maintain Consistency: Align with GitLab's token management UX patterns
User Stories
As a developer, I want to easily understand what permissions I'm granting when creating a PAT, so I can make informed security decisions.
As a security-conscious user, I want to be warned when I'm about to create overly broad access tokens, so I can choose more restrictive alternatives.
As a new GitLab user, I want scope options to be organized logically, so I can quickly find the permissions I need without being overwhelmed.
Implementation Notes
- This change should be coordinated with the fine-grained PAT implementation