Create the JWKs in the AIGW (!790) · Merge requests · GitLab.org / ModelOps / AI Assisted (formerly Applied ML) / Code Suggestions / AI Gateway

Roy Zwambag requested to merge rz-create-jwks-in-aigw into main May 07, 2024

What does this merge request do and why?

We will start distributing user JWTs via the Ai Gateway in this MR. To be able to use those tokens, we have to add the JWK from AI Gateway to the JWKs we use to decode tokens and authorize users. This MR is setting that up.

How to set up and validate locally

Besides the specs, you can also test it locally by:

Create a user JWT, this can be done the same way its done in this MR
Disable AIGW_AUTH__BYPASS_EXTERNAL by setting it to false in your .env
Call a Code Suggestions endpoint with this token (instead of using the instance token):

curl -X 'POST' \
 'http://localhost:5052/v3/code/completions' \
 -H 'accept: application/json' \
 -H 'Content-Type: application/json' \
 -H 'X-Gitlab-Authentication-Type: oidc' \
 -H 'X-Gitlab-Realm: self-managed' \
 -H 'X-Gitlab-Instance-Id: <sub>' \
 -H 'Authorization: Bearer <token>' \
 -d '{
 "prompt_components": [
  {
   "type": "code_editor_completion",
   "payload": {
    "file_name": "string",
    "content_above_cursor": "string",
    "content_below_cursor": "string",
    "language_identifier": "string",
    "model_provider": "vertex-ai",
    "stream": false
   },
   "metadata": {
    "source": "string",
    "version": "string"
   }
  }
 ]
}'

You might also want to test the original flow (use an instance JWT instead of user JWT) to make sure that still works

Merge request checklist

Tests added for new functionality. If not, please raise an issue to follow up.
Documentation added/updated, if needed.

Closes #461 (closed)

Edited May 15, 2024 by Roy Zwambag

Create the JWKs in the AIGW

What does this merge request do and why?

How to set up and validate locally

Merge request checklist

Merge request reports