Extend starlette authentication module
What does this merge request do and why?
With the new JWT Universal Token, we introduced scopes for the token.
Currently, we are issuing the universal token with a single scope :code_suggestion
Our intention is to extend this and use universal token for multiple AI features, by introducing new scopes.
In example, for Duo Chat, we are introducing :duo_chat scope: gitlab-org/customers-gitlab-com#7816 (closed)
Now, in order to make development and experimentation easier, we will have some proxy api calls that would be used for multiple ai features.
This means that a single endpoint would support multiple AI functionalities:
We are currently using Starlette existing built-in premissions mechanism for required scopes.
This means that all scopes, listed in @requires tag, need to be contained in our token (relevant discussion)
@requires(['duo_chat', 'other_ai_service'])
async def foo():
...This will check if customer token contains both duo_chat and other_ai_service scopes
This MR proposed a patch/extension of Starlette.authentication module, that will check if the token contains any of the listed scopes.
So if our token contains one of :duo_chat or :other_ai_service it is allowed to use end-point.
Merge request checklist
-
Tests added for new functionality. If not, please raise an issue to follow up. -
Documentation added/updated, if needed.