Do not disable OAuth by "Disable personal access tokens" group setting
What does this MR do and why?
We implemented disabling personal access tokens for enterprise users in !148415 (merged).
#479191 (closed) reported that Disable personal access tokens for enterprise users group setting not only disables the group enterprise users' personal access tokens, but also partially disables(for REST API, but not for GraphQL API and git) their OAuth access tokens. This setting behavior is unintentional. Some groups can't disable personal access tokens for their enterprise users by this setting because it breaks their integrations that use OAuth access tokens.
To resolve this issue, this MR removes the implementation that unintentionally partially disables OAuth access tokens by Disable personal access tokens for enterprise users group setting.
See also !181669 (diffs), in that MR we ensured that this MR won't cause any issues for disabling personal access tokens.
References
Please include cross links to any resources that are relevant to this MR. This will give reviewers and future readers helpful context to give an efficient review of the changes introduced.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
| Before | After |
|---|---|
How to set up and validate locally
- Log in as enterprise user.
- Create OAuth access token. https://docs.gitlab.com/api/oauth2/
- Log in as group Owner of the enterprise group.
- Disable personal access tokens for enterprise users. https://docs.gitlab.com/user/profile/personal_access_tokens/#disable-personal-access-tokens-for-enterprise-users
- Confirm that Disable personal access tokens group setting does not disable the enterprise user's OAuth access token, by using it for authentication with REST API.