Add revoke_token endpoint for ai_workflows scope
What does this MR do and why?
This commit adds a new endpoint to be called from Duo Workflow Service to revoke oauth token after the Agent Platfrom session is completed.
References
Relates to https://gitlab.com/gitlab-org/gitlab/-/issues/555923
Screenshots or screen recordings
How to set up and validate locally
- Disable ROPC in Rails Console
ApplicationSetting.first.update(ropc_without_client_credentials: false)
- Create a ai_workflowsscoped token
curl -XPOST http://gdk.test:3000/api/v4/ai/duo_workflows/direct_access\?private_token\=$GDK_TOKEN- Store the gitlab_rails.tokenin the response
- Try to revoke it with /oauth/revokeendpoint
 curl POST --verbose \
    --header "Authorization: Bearer `gitlab_rails.token`" \
    --header 'Content-Type: application/json' \
    --data '{
        "token": "`gitlab_rails.token`"
    }' \
    http://gdk.test:3000/oauth/revokeIt should not revoke the token
- Now use the new endpoint
curl POST --verbose \
    --header "Authorization: Bearer `gitlab_rails.token`" \
    --header 'Content-Type: application/json' \
    --data '{
        "token": "`gitlab_rails.token`"
    }' \
    http://gdk.test:3000/api/v4/ai/duo_workflows/revoke_token
It should revoke the token
MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Edited  by Halil Coban