Gitlab Shell: Authenticate via JWT token (!86148) · Merge requests · GitLab.org / GitLab · GitLab

Igor Drozdov requested to merge id-jwt-gitlab-shell into master Apr 28, 2022

JWT token are now being sent from Gitlab Shell: gitlab-shell!596 (merged)

Before:

Gitlab Shell sent a shared secret_token, Gitlab Rails verifies this token

Now:

Gitlab Shell sends a shared secret_token
Gitlab Shell sends JWT singed by the shared secret_token
Gitlab Rails verifies either JWT or secret token (depends on the FF)

After:

FF is removed
Only JWT is verified

Feature flag: gitlab_shell_jwt_token

Edited Jul 22, 2022 by Igor Drozdov