Add v1/code/user_access_token API endpoint
What does this merge request do and why?
Adds the v1/code/user_access_token API.
Extracted from !768 (closed)
See #429 (closed)
How to set up and validate locally
Create a key or use the existing one for local dev: openssl genrsa -out jwt_signing.key 2048
Make sure it's available in an ENV var: export JWT_SIGNING_KEY="$(cat jwt_signing.key)"
If you recently synced your instance with your local CDot (or it's easier to do), you may grab a token from the DB.
Alternatively:
Run local CDot.
Open http://localhost:5000/graphiql.
Execute:
{
  cloudConnectorAccess(gitlabVersion: "16.9", licenseKey: "<YOUR_KEY_FROM_THE_DB>") {
    serviceToken {
      token
      expiresAt
    }
    availableServices {
      name
      serviceStartTime
      bundledWith
    }
  }
}
Grab a token from the response.
Request the endpoint we introduce in this MR:
curl --request POST \
  --url 'http://localhost:5052/v1/code/user_access_token' \
  --header 'Authorization: Bearer <YOUR_TOKEN_FROM_CDOT>' \
  --header 'X-Gitlab-Authentication-Type: oidc' \
  --header 'Content-Type: application/json' \
  --header 'X-Gitlab-Global-User-Id: 777'
(Replace the token in the snippet; you can replace the Global-User-Id as well if you like.)
You should get a 200 response and receive a user token.
Grab it, paste into https://jwt.io/ and explore the claims.
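The claims can also be read in the terminal. The following is an added example, not part of this merge request: the helper names `jwt_header` and `jwt_claims` and the sample token are constructed here, and `base64 -d` from GNU coreutils is assumed. It only decodes the segments; it does not verify the signature.

```shell
# Added example: decode one base64url-encoded JWT segment (no signature check).
b64url_decode() {
  # base64url uses '-' and '_' where standard base64 uses '+' and '/'.
  seg=$(printf '%s' "$1" | tr '_-' '/+')
  # JWTs strip '=' padding; restore it so base64 accepts the input.
  case $(( ${#seg} % 4 )) in
    2) seg="${seg}==" ;;
    3) seg="${seg}=" ;;
    1) return 1 ;;   # impossible length for base64 data
  esac
  printf '%s' "$seg" | base64 -d
}

# Print segment $2 (1 = header, 2 = claims) of the compact JWT in $1.
jwt_segment() {
  token=$1 index=$2
  # A compact JWS has exactly three dot-separated segments.
  case $token in
    *.*.*.*) return 1 ;;
    *.*.*) ;;
    *) return 1 ;;
  esac
  b64url_decode "$(printf '%s' "$token" | cut -d. -f"$index")"
}

jwt_header() { jwt_segment "$1" 1; }
jwt_claims() { jwt_segment "$1" 2; }

# Constructed sample token with a placeholder signature. It is not output
# from the endpoint; a real user token will carry a different claim set.
SAMPLE_JWT='eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI3NzcifQ.c2ln'
```

Call `jwt_claims "<token from the response>"` to print the claims JSON, and pipe it through `jq .` if that is installed.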
Merge request checklist
- Tests added for new functionality. If not, please raise an issue to follow up.
- Documentation added/updated, if needed.
Edited by Aleksei Lipniagov