Token prefixes: Add support for SCIM tokens
What does this MR do and why?
Adds support for instance wide token prefixes for SCIM tokens, which have been added initially with !179852 (merged).
SCIM tokens now use the instance wide token prefixes when they are configured. The new token format is <instance>-glsoat-token.
This feature is still behind the feature flag custom_prefix_for_all_token_types.
With this custom prefix, it is easier to identify leaked tokens, because we can now skip all leaked tokens that start with gl. Now, we only need to look at tokens starting with my-company-name-.
References
- Allow custom instance token prefix for all toke... (#388379)
- https://docs.gitlab.com/administration/settings/account_and_limit_settings/#instance-token-prefix
Screenshots or screen recordings
How to set up and validate locally
- Enable feature flag via rails c: Feature.enable(:custom_prefix_for_all_token_types)
- Follow the great instructions on how to test the existing prefix for SCIM tokens.
- Change the instance wide token prefix: Admin area > General > Account and limit > Instance token prefix, e.g. tomycustomprefix
- You can now see the new instance wide prefix being applied when generating new SCIM tokens for groups or for the instance.
- You can now either toggle the feature flag or (un-)set the instance wide token prefix. Existing tokens should continue to work, as well as new tokens that contain the prefix.
MR acceptance checklist
- Changelog entry added, if necessary
- Documentation created/updated via this MR
- Documentation reviewed by technical writer or follow-up review issue created
- Tests added for this feature/bug
- Tested in all supported browsers
- Conforms to the code review guidelines
- Conforms to the merge request performance guidelines
- Conforms to the style guides
- Conforms to the javascript style guides
- Conforms to the database guides
Related to #388379
Edited by Nicholas Wittstruck
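
The leak triage described above, as an added example that is not part of this MR or of GitLab's code: it sorts SCIM-token-like strings from scan output by the `<instance>-glsoat-token` format. The instance prefix `my-company-name`, the token character set, the minimum body length and all sample tokens are assumptions constructed for illustration.

```ruby
# Added example (not GitLab code): triage SCIM-token-like strings from a
# leak scan using the <instance>-glsoat-token format described in this MR.

INSTANCE_PREFIX = 'my-company-name' # assumption: the configured instance prefix
SCIM_MARKER = 'glsoat-'             # from the token format on this page
CHARSET = 'A-Za-z0-9_-'             # assumption: token/prefix character set
MIN_BODY = 20                       # assumption: minimum token body length

CANDIDATE = /(?<![#{CHARSET}])([#{CHARSET}]*?)#{SCIM_MARKER}([#{CHARSET}]{#{MIN_BODY},})/

def classify(prefix)
  return :ours if prefix == "#{INSTANCE_PREFIX}-"
  # Tokens issued before the prefix was set (or with the flag off) keep
  # working, so an unprefixed hit may still belong to this instance.
  return :unprefixed if prefix.empty?
  :other_instance
end

def triage(text)
  text.scan(CANDIDATE).map do |prefix, body|
    token = "#{prefix}#{SCIM_MARKER}#{body}"
    # Never log full secrets: keep prefix and marker, redact the body.
    { kind: classify(prefix), redacted: "#{prefix}#{SCIM_MARKER}#{body[0, 4]}...", length: token.length }
  end
end

# Constructed sample input; the token bodies are fake.
SAMPLE = <<~TEXT
  scim_token=my-company-name-glsoat-EXAMPLEexample0123456789
  export TOKEN="glsoat-EXAMPLEexample0123456789"
  other-corp-glsoat-EXAMPLEexample0123456789 found in paste
  not-a-token glsoat-short
TEXT

if __FILE__ == $PROGRAM_NAME
  triage(SAMPLE).each { |hit| puts hit }
end
```

Hits classified `:unprefixed` still need a lookup against the instance, because tokens created before the prefix was configured remain valid.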


