An error occurred while fetching this tab.
Generate JWT for authentication and provide it to CI jobs
- Apr 16, 2020
-
-
Krasimir Angelov authoredJSONWebToken::RSAToken's interface is not the best fir for what we need in this case.
-
Krasimir Angelov authored
Roles should be restricted to project or namespace, using one of the provided claims in CI_JOB_JWT.
-
Krasimir Angelov authored
Currently this routes to doorkeeper/openid_connect/discovery#keys, but we are going to use it instead of using the existing `/oauth/discovery/keys` directly. This way if we decide to move away from the controller provided by `doorkeeper-openid_connect` we can do it without disrupting any third parties using this endpoint. Update docs to clarify that the signing key for CI_JOB_JWT may change without any notice.
-
Krasimir Angelov authored
and update the docs.
-
Krasimir Angelov authored
to clearly indicate that subject is a build, as this is the actual object that is generator of the JWT.
-
Krasimir Angelov authored
with an example
-
Krasimir Angelov authored
and add it to predefined CI variables as CI_JOB_JWT. It can be used to authenticate with 3rd parties like Vault. Related to #207125.
-