Admin Token API: Reset OAuth Application Secrets

What does this MR do and why?

This MR adds support for resetting OAuth Application secrets.

🛠️ with ❤️ at Siemens

References

MR acceptance checklist

MR Checklist ( @nwittstruck)

How to set up and validate locally

  1. Enable the feature flag with rails c:

         Feature.enable(:api_admin_token_revoke)

  2. You'll need to create two new tokens:

     1. A personal access token with admin_mode and api capabilities at: Preferences > Access tokens > Add new token
     2. An OAuth instance application at Admin area > Applications > Add new application that you can query.
  3. Now you can retrieve information about this token:

         curl -k --request POST \
         --url 'https://gdk.test:3443/api/v4/admin/token' \
         --header 'Authorization: Bearer <Admin Token from Step 2.>' \
         --header 'Content-Type: application/json' \
         --data '{"token": "gloas-token-from-step-2-2"}'

  4. Now, revoke the token:

         curl -k --request DELETE \
         --url 'https://gdk.test:3443/api/v4/admin/token' \
         --header 'Authorization: Bearer <Admin Token from Step 1.>' \
         --header 'Content-Type: application/json' \
         --data '{"token": "gloas-token-from-step-2-2"}'

  5. Query the token again - you should now see that the status changed to Not Found, as the secret has changed.

Related to #514909 (closed)

Edited by 🤖 GitLab Bot 🤖
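
The validation steps above can be scripted so that the check fails loudly if the old secret still resolves after the reset. This is an added example, not part of the merge request: `GITLAB_URL`, `ADMIN_PAT`, `OAUTH_SECRET`, `GDK_INSECURE` and the function names are assumptions, and any 2xx response is treated as success.

```shell
#!/usr/bin/env bash
# Added example: look up -> reset -> look up again against /api/v4/admin/token.
# All variable and function names here are assumptions of this sketch.
GITLAB_URL="${GITLAB_URL:-https://gdk.test:3443}"

# Print only the HTTP status code of an Admin Token API call.
# $1 = method (POST looks the secret up, DELETE revokes/resets it)
# $2 = OAuth application secret (assumed to contain no JSON metacharacters)
admin_token_status() {
  # The body goes over stdin so the secret is not visible in the process list.
  # -k is only passed when GDK_INSECURE is set (self-signed local GDK cert).
  printf '{"token": "%s"}' "$2" |
    curl --silent --output /dev/null --write-out '%{http_code}' \
      ${GDK_INSECURE:+-k} --request "$1" \
      --url "$GITLAB_URL/api/v4/admin/token" \
      --header "Authorization: Bearer $ADMIN_PAT" \
      --header 'Content-Type: application/json' \
      --data @-
}

# Exit codes: 0 reset verified, 2 transport error, 3 secret unknown before
# the reset, 4 reset call rejected, 5 old secret still accepted afterwards.
verify_secret_reset() {
  vsr_before=$(admin_token_status POST "$1") || return 2
  case "$vsr_before" in
    2??) ;;
    *) echo "secret not recognised before reset (HTTP $vsr_before)" >&2; return 3 ;;
  esac

  vsr_reset=$(admin_token_status DELETE "$1") || return 2
  case "$vsr_reset" in
    2??) ;;
    *) echo "reset request failed (HTTP $vsr_reset)" >&2; return 4 ;;
  esac

  vsr_after=$(admin_token_status POST "$1") || return 2
  if [ "$vsr_after" != 404 ]; then
    echo "old secret still resolves after reset (HTTP $vsr_after)" >&2
    return 5
  fi
  return 0
}

# Only talks to the server when a secret is supplied explicitly.
if [ -n "${OAUTH_SECRET:-}" ]; then
  verify_secret_reset "$OAUTH_SECRET"
fi
```

Exit code 5 is the one to alert on: the reset call was accepted but the old secret is still recognised.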