Add IAM service HTTP client and OAuth consent flow services (!231426) · Merge requests · GitLab.org / GitLab

What does this MR do and why?

Extract shared HTTP infrastructure for IAM service integrations and introduce the service layer for the OAuth consent flow.

Introduce HttpClient to encapsulate URL construction, IAM auth headers, timeout, and transport error handling
Introduce RedirectUrlValidator to validate IAM redirect URLs
Refactor AcceptLoginChallengeService to use HttpClient
Add GetConsentChallengeService, AcceptConsentChallengeService, and RejectConsentChallengeService for the consent flow
Log HTTP status codes only on failure; response body logging removed in favour of a more structured error.

The controller wiring these services into the consent flow will be introduced in a follow-up MR.

References

Main issue: #589572
AcceptLoginChallengeService was introduced by: !225853 (merged)

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited Apr 21, 2026 by Daniele Bracciani

Add IAM service HTTP client and OAuth consent flow services

What does this MR do and why?

References

MR acceptance checklist

Merge request reports