Skip to content

Extend starlette authentication module

Nikola Milojevic requested to merge extend_starlette_requires_method into main

What does this merge request do and why?

With the new JWT Universal Token, we introduced scopes for the token.

Currently, we are issuing the universal token with a single scope :code_suggestion

Our intention is to extend this and use universal token for multiple AI features, by introducing new scopes. In example, for Duo Chat, we are introducing :duo_chat scope: gitlab-org/customers-gitlab-com#7816 (closed)

Now, in order to make development and experimentation easier, we will have some proxy api calls that would be used for multiple ai features.

!383 (comment 1618197421)

This means that a single endpoint would support multiple AI functionalities:

We are currently using Starlette existing built-in premissions mechanism for required scopes.

This means that all scopes, listed in @requires tag, need to be contained in our token (relevant discussion)

@requires(['duo_chat', 'other_ai_service'])
async def foo():
    ...

This will check if customer token contains both duo_chat and other_ai_service scopes

This MR proposed a patch/extension of Starlette.authentication module, that will check if the token contains any of the listed scopes.

So if our token contains one of :duo_chat or :other_ai_service it is allowed to use end-point.

Merge request checklist

  • Tests added for new functionality. If not, please raise an issue to follow up.
  • Documentation added/updated, if needed.
Edited by Tan Le

Merge request reports