Add API to create access token for code suggestions
What does this MR do and why?
This MR adds a new API to create a JWT access token for Code Suggestions. This token will be used by the client, i.e. Web IDE to request access to generate code suggestions.
- This API can be disabled by an Ops feature flag `code_suggestions_tokens_api`.
- Documentation change to the REST API page will be in a separate MR.
⚙️ Implementations
The following sequence diagram describes the integration as a whole. The block highlighted in #e9967a is part of this MR.
POST /api/v4/code_suggestions/tokens
The access token is:
- A JWT Web Secret (JWS) token
- Valid for 1 hour
- Signed using OIDC private key
- Can be verified using OIDC public key via https://gitlab.com/oauth/discovery/keys
Example request:
curl --request POST "https://gitlab.example.com/api/v4/code_suggestions/tokens" \
--header "Authorization: Bearer <oauth/pat>" \
--header "Content-type: application/json"
Example response:
{
"access_token": "<enacted>",
"expires_in": 3600,
"created_at": 1684386897
}
Screenshots or screen recordings
Screenshots are required for UI changes, and strongly recommended for all other merge requests.
How to set up and validate locally
- Set the feature flag on rails console
bundle exec rails c
Feature.enable(:code_suggestions_tokens_api)
- Enable `code_suggestions` group settings for all root groups as well as profile setting.
user = User.first
user.groups.by_parent(nil).map { |g| g.update(code_suggestions: true) }
user.namespace.update(code_suggestions: true)
- Execute a cURL request to create a new access token
curl --request POST \
  --url http://gdk.test:3000/api/v4/code_suggestions/tokens \
  --header 'Content-Type: application/json' \
  --header 'Authorization: Bearer <oauth/pat>'
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
Related to #404427 (closed)
Edited by Tan Le
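How a service receiving this token could check the properties listed above (JWS, valid for 1 hour, verifiable with the OIDC public key from the discovery keys endpoint), as an added example that is not code from this MR or from GitLab. It assumes RS256 signing, `iat`/`exp` claims, and a `kid` header, none of which the description states. The key, JWKS, and token are constructed inline so it runs offline.

```ruby
require 'openssl'
require 'base64'
require 'json'

ALLOWED_ALG = 'RS256' # assumption: the page does not name the signing algorithm
MAX_TTL = 3600        # the page states the token is valid for 1 hour
SAMPLE_KEY = OpenSSL::PKey::RSA.new(2048) # constructed throwaway key standing in for the OIDC key

def b64e(bytes)
  Base64.urlsafe_encode64(bytes, padding: false)
end

# Build an RSA public key from a JWK's n/e members via PKCS#1 DER.
def rsa_from_jwk(jwk)
  ints = %w[n e].map do |k|
    OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(Base64.urlsafe_decode64(jwk[k]), 2))
  end
  OpenSSL::PKey::RSA.new(OpenSSL::ASN1::Sequence(ints).to_der)
end

# Returns the claims hash; raises if the token must be rejected.
def verify_token(token, jwks, now: Time.now.to_i)
  parts = token.split('.', -1)
  raise ArgumentError, 'malformed token' unless parts.length == 3
  header = JSON.parse(Base64.urlsafe_decode64(parts[0]))
  # Pin the algorithm instead of letting the header choose the verifier.
  raise ArgumentError, 'unexpected alg' unless header['alg'] == ALLOWED_ALG
  jwk = jwks['keys'].find { |k| k['kty'] == 'RSA' && k['kid'] == header['kid'] }
  raise ArgumentError, 'unknown kid' unless jwk
  signature = Base64.urlsafe_decode64(parts[2])
  valid = rsa_from_jwk(jwk).verify(OpenSSL::Digest.new('SHA256'), signature, parts[0..1].join('.'))
  raise ArgumentError, 'bad signature' unless valid
  claims = JSON.parse(Base64.urlsafe_decode64(parts[1]))
  raise ArgumentError, 'expired' unless claims['exp'].is_a?(Integer) && claims['exp'] > now
  raise ArgumentError, 'lifetime too long' if claims['exp'] - claims['iat'].to_i > MAX_TTL
  claims
end

# Constructed JWKS in the shape a discovery keys endpoint serves.
def sample_jwks
  { 'keys' => [{ 'kty' => 'RSA', 'kid' => 'demo',
                 'n' => b64e(SAMPLE_KEY.n.to_s(2)), 'e' => b64e(SAMPLE_KEY.e.to_s(2)) }] }
end

# Constructed token signed with the throwaway key.
def sample_token(alg: ALLOWED_ALG, iat: Time.now.to_i, ttl: MAX_TTL)
  input = [{ alg: alg, kid: 'demo' }, { iat: iat, exp: iat + ttl }].map { |p| b64e(JSON.generate(p)) }.join('.')
  "#{input}.#{b64e(SAMPLE_KEY.sign(OpenSSL::Digest.new('SHA256'), input))}"
end
```

In a real deployment the JWKS would be fetched from the discovery keys URL and cached rather than built locally.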