Add controllers and frontend for DPoP
Compare changes
Files
5@@ -11,6 +11,7 @@ class PersonalAccessTokensController < ApplicationController
@@ -80,6 +81,23 @@ def rotate
@@ -90,6 +108,14 @@ def personal_access_token_params
This MR adds the controller and frontend code for Add DPoP checks in GraphQL and API requests (!169013 - merged).
Related to Sender constraining personal access tokens (#425130).
See the epic (Allow users to require demonstrated proof of po... (&14383)) for context, pre-work, and other related issues.
When dpop_authentication
FF is disabled:
When :dpop_authentication
FF is enabled:
bin/rails db:migrate
Feature.enable(:dpop_authentication, User.first)
User.first.dpop_enabled
and also on the frontend after refreshing the page.