
Job-Token authentication should be allowed at core tier

Problem

It seems there is an inconsistency in the Job-Token authentication mechanism. Look at the following facts:

  • We define #find_user_from_job_token in the EE directory, which means it's proprietary code. According to the doc, job-token authentication is available at the EEP tier.
  • In the Job Artifact API, we intend to allow Job-Token authentication even if it's implemented at the core tier. With the above fact, I assume this job-token authentication is currently broken at the core tier (I don't see any tests for this API).

Furthermore, we want to allow Job-Token authentication in the Release API, which is available at the core tier. Therefore, the current implementation needs to be adjusted.

Proposal

Given Job-Token authentication itself is not allowed for any endpoints by default (in other words, we need to explicitly specify which endpoints can accept the job-token header), we can safely move #find_user_from_job_token to the core level. This fixes the above problems in the Job Artifact API and the Release API.

We should also fix the doc, as it's misleading that we don't allow Job-Token in any API even if the user has an EEP license.
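
The opt-in gating that the proposal relies on, as an added Ruby sketch that is not part of the original issue and is not GitLab's code. The route table, the `JOB-TOKEN` header key, the `job_token_allowed` flag and the sample token are assumptions; only the method name comes from the issue.

```ruby
require 'digest'

# Added illustration, not GitLab code. Only the method name
# find_user_from_job_token comes from the issue; everything else is hypothetical.
class UnauthorizedError < StandardError; end

# Constructed sample data: users keyed by the SHA-256 digest of their job's token.
USERS_BY_TOKEN_DIGEST = {
  Digest::SHA256.hexdigest('constructed-token-1') => 'alice'
}.freeze

# Hypothetical route table. An endpoint accepts a job token only when it
# declares job_token_allowed: true; the default is to ignore the header.
ROUTES = {
  'GET /jobs/:id/artifacts'     => { job_token_allowed: true },
  'POST /projects/:id/releases' => { job_token_allowed: true },
  'GET /projects/:id/members'   => {}
}.freeze

# Finder shared by every tier. It returns nil (no identity from this method)
# unless the route opted in, so moving it to core exposes no new endpoint.
def find_user_from_job_token(route, headers)
  return nil unless ROUTES.fetch(route, {})[:job_token_allowed]

  token = headers['JOB-TOKEN'].to_s
  return nil if token.empty? # no job token sent: let other auth methods run

  # A token that was sent but matches no job is rejected, not skipped.
  USERS_BY_TOKEN_DIGEST.fetch(Digest::SHA256.hexdigest(token)) do
    raise UnauthorizedError, 'invalid job token'
  end
end

# Runs the same valid header against every route to show which ones honour it.
def demo
  headers = { 'JOB-TOKEN' => 'constructed-token-1' }
  ROUTES.keys.map { |route| [route, find_user_from_job_token(route, headers)] }.to_h
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

A test suite for the real endpoints would want the same three cases: an opted-in route with a valid token, a route that did not opt in, and an opted-in route with an invalid token.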