Support variables expansion in id_tokens:aud

What does this MR do and why?

Closes #414293 (closed) - Support variables expansion in id_tokens:aud

Values of the aud claim in id_tokens (introduced in GitLab 15.7) can now include CI/CD variables. This enables using such JWT tokens in contexts where the aud claim cannot be a fixed value, for instance in some pipeline templates.

Note: in the documentation bits, I have written "since GitLab 16.1"; that's optimistic me assuming this could be merged in time for 16.1, but of course it can be changed if it has to.

How to set up and validate locally

  1. Create a project with a pipeline file similar to https://gitlab.com/thomasgl-orange/test-id-tokens/-/blob/9297479591a95955c476d3d42d6851b7a9c5ecd4/.gitlab-ci.yml
  2. Run the pipeline and check the console output of jobs which involve some $VARIABLE in id_tokens:aud. With the changes from this MR, variables should have been substituted by an actual value.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Thomas de Grenier de Latour
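
One way to automate the check from step 2 inside a job, as an added example that is not part of this MR or of the linked test project. The job name, the token name ID_TOKEN_1, the variable AUD_HOST and all helper functions are assumptions; the script only inspects the aud claim and does not verify the token signature.

```shell
#!/bin/sh
# Job definition this check is meant for (all names are hypothetical):
#   check_aud_job:
#     variables:
#       AUD_HOST: vault.example.com
#     id_tokens:
#       ID_TOKEN_1:
#         aud: https://$AUD_HOST
#     script:
#       - check_aud "$ID_TOKEN_1" "https://$AUD_HOST"

# Decode one base64url segment (JWT segments drop '=' padding).
b64url_decode() {
  seg=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in
    2) seg="$seg==" ;;
    3) seg="$seg=" ;;
  esac
  printf '%s' "$seg" | base64 -d
}

# Print the "aud" claim of a JWT when it is a single string.
jwt_aud() {
  b64url_decode "$(printf '%s' "$1" | cut -d. -f2)" |
    sed -n 's/.*"aud"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# 0: aud equals the expected value; 2: aud still holds a literal '$'
# (variable was not expanded); 1: any other mismatch or no aud found.
check_aud() {
  aud=$(jwt_aud "$1")
  case "$aud" in
    *'$'*) echo "aud not expanded: $aud" >&2; return 2 ;;
  esac
  [ -n "$aud" ] && [ "$aud" = "$2" ]
}

# Build a constructed, unsigned JWT-shaped string for offline testing.
make_sample_token() {
  enc() { printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'; }
  printf '%s.%s.%s' "$(enc '{"alg":"none"}')" "$(enc "$1")" "sig"
}

# Demo with a constructed payload (not a real GitLab token).
expanded=$(make_sample_token '{"aud":"https://vault.example.com","sub":"x"}')
check_aud "$expanded" "https://vault.example.com" && echo "aud OK"
```

Exit status 2 separates "the variable was never expanded" from an ordinary audience mismatch, which is the difference step 2 asks the reader to look for in the console output.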