Remove PAT-on-Gateway authentication for Code Suggestions
Problem
Originally, the AI Gateway was using PAT authentication to authenticate a specific user. In that case, a PAT for gitlab.com was attached to a code suggestions request. The model gateway did then a verification of the PAT via gitlab.com/api/v4/ml/ai-assist
.
This method of authentication was replaced by acquiring a JWT token from the Instance which does not need a backchannel verification but can verified directly on the gateway. Maintaining both auth methods is cumbersome and can lead to confusion as evidenced in https://gitlab.com/gitlab-org/gitlab/-/issues/420643.
Desired outcome
All code related to PAT auth in the AI Gateway is removed as well as the ml/ai-assist
endpoint on the instance.
Suggested Solution
Our assumption is that any requests using this Auth method are old extensions and testing scripts.
- Disable PAT auth on the AI Gateway without removing the code
- Deploy this and let it run for at least 3 days
- Remove the PAT auth code from the AI Gateway
Pleas note that the ml/ai-assist
endpoint on the GitLab instance is still be used to validate permissions to Code Suggestions feature - see gitlab-org/gitlab-vscode-extension#750