Add v1/code/user_access_token API endpoint

Aleksei Lipniagov requested to merge al-add-user-jwt into main

What does this merge request do and why?

Adds v1/code/user_access_token API.

Extracted from !768 (closed)

See #429 (closed)

How to set up and validate locally

Create a key or use the existing one for local dev: openssl genrsa -out jwt_signing.key 2048.
Make sure it's available in ENV var: export JWT_SIGNING_KEY=$(cat jwt_signing.key)

If you recently synced your instance with your local CDot (or it's easier to do), you may grab a token from the DB. Alternatively:
Run local CDot.
Open http://localhost:5000/graphiql. Execute:

{
  cloudConnectorAccess(gitlabVersion: "16.9", licenseKey: "<YOUR_KEY_FROM_THE_DB>") {
    serviceToken {
      token
      expiresAt
    }
    availableServices {
      name
      serviceStartTime
      bundledWith
    }
  }
}

Grab a token from the response.

Request the endpoint we introduce in this MR:

curl --request POST \
  --url 'http://localhost:5052/v1/code/user_access_token' \
  --header 'Authorization: Bearer <YOUR_TOKEN_FROM_CDOT>' \
  --header 'X-Gitlab-Authentication-Type: oidc' \
  --header 'Content-Type: application/json' \
  --header 'X-Gitlab-Global-User-Id: 777'

(Replace the token in the snippet; you can replace Global-User-Id as well, if you feel like it.)

You should get a 200 response and receive a user token.

Grab it, paste into https://jwt.io/ and explore the claims.


Merge request checklist

  • Tests added for new functionality. If not, please raise an issue to follow up.
  • Documentation added/updated, if needed.
Edited by Aleksei Lipniagov
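
An added example, not part of the merge request or the project's code: a standard-library Python script that decodes the returned user token locally, so the header and claims can be explored without pasting the token into a website. It does not verify the signature; `sample_token`, its claim values, and the `exp`/`nbf` checks (standard RFC 7519 claims) are assumptions, since the page does not list the claims the endpoint issues.

```python
import base64
import json
import sys
import time


def b64url_decode(segment):
    """Decode one JWT segment; JWTs drop the '=' padding, so restore it."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def sample_token(claims, alg="RS256", signature=b"constructed-not-a-real-signature"):
    """Build a CONSTRUCTED token for offline demo; the signature is a dummy."""
    header = {"alg": alg, "typ": "JWT"}
    parts = [json.dumps(header).encode(), json.dumps(claims).encode(), signature]
    return ".".join(b64url_encode(p) for p in parts)


def inspect_jwt(token, now=None, leeway=30):
    """Return header, claims and findings. Does NOT verify the signature."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated segments")
    header = json.loads(b64url_decode(parts[0]))
    claims = json.loads(b64url_decode(parts[1]))
    now = time.time() if now is None else now
    findings = []
    if str(header.get("alg", "")).lower() == "none" or not parts[2]:
        findings.append("unsigned token")
    exp, nbf = claims.get("exp"), claims.get("nbf")
    if exp is None:
        findings.append("no exp claim")
    elif now > exp + leeway:
        findings.append("expired")
    if nbf is not None and now < nbf - leeway:
        findings.append("not yet valid")
    return {"header": header, "claims": claims, "findings": findings}


if __name__ == "__main__":
    # Usage: python inspect_jwt.py '<token>'; without an argument, use the sample.
    demo = sample_token({"sub": "constructed-user", "exp": int(time.time()) + 3600})
    result = inspect_jwt(sys.argv[1] if len(sys.argv) > 1 else demo)
    print(json.dumps(result, indent=2))
```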
