Skip to content

Add API to create access token for code suggestions

Tan Le requested to merge 404427-api-code-suggestions-tokens into master

What does this MR do and why?

This MR adds a new API to create a JWT access token for Code Suggestions. This token will be used by the client, i.e. Web IDE to request access to generate code suggestions.

  • This API can be disabled by an Ops feature flag code_suggestions_tokens_api.
  • Documentation change to the REST API page will be in a separate MR.

️ Implementations

The following sequence diagram describes the integration as a whole. The block highlighted in #e9967a is part of this MR.

POST /api/v4/code_suggestions/tokens

The access token is:

  • A JWT Web Secret (JWS) token
  • Valid for 1 hour
  • Signed using OIDC private key
  • Can be verified using OIDC public key via https://gitlab.com/oauth/discovery/keys

Example request:

curl --request POST "https://gitlab.example.com/api/v4/code_sugggestions/tokens" \
  --header "Authorization: Bearer <oauth/pat>" \
  --header "Content-type: application/json"

Example response:

{
  "access_token": "<enacted>",
  "expires_in": 3600,
  "created_at": 1684386897
}

Screenshots or screen recordings

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

How to set up and validate locally

  1. Set the feature flag on rails console bundle exec rails c
    Feature.enable(:code_suggestions_tokens_api)
  2. Enable code_suggestions group settings for all root groups as well as profile setting.
    user = User.first
    user.groups.by_parent(nil).map { |g| g.update(code_suggestions: true) }
    user.namespace.update(code_suggestions: true)
  3. Execute a cURL request to create a new access token
    curl --request POST \
      --url http://gdk.test:3000/api/v4/code_suggestions/tokens \
      --header 'Content-Type: application/json' \
      --header 'Authorization: Bearer <oauth/pat>'

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Related to #404427 (closed)

Edited by Tan Le

Merge request reports

Loading