Add web_ide_oauth feature flag
What does this MR do and why?
This MR introduces a web_ide_oauth development feature flag and basic implementation for this type::feature feature::enhancement.
Context: Currently, the Web IDE uses cookie auth to authenticate its API requests. It does this by working around the VSCode extension sandbox through "mediator commands". These "mediator commands" would be a security risk if we enabled the VSCode extension marketplace.
For us to securely enable the VSCode extension marketplace and use baked-in VSCode features like settings sync, we need to adopt OAuth over cookie-based authentication.
Screenshots or screen recordings
How to set up and validate locally
- In the rails console, enable the web_ide_oauth feature flag: Feature.enable(:web_ide_oauth)
- Visit any project page and click Edit, then Web IDE.
- The Web IDE should load up seamlessly. Meanwhile, you should notice an "Authentication..." page pop up, which is part of the OAuth handshake.
- When opening a file, see the raw XHR request and confirm that the OAuth token is included in the Authorization request header.
Database Review Queries
For application_settings.update!(web_ide_oauth_application: application)
UPDATE "application_settings" SET "updated_at" = '2023-12-01 02:05:01.198115', "web_ide_oauth_application_id" = 27
WHERE "application_settings"."id" = 1
/*application:web,correlation_id:01HGHHYGK63AS8AB81WMHPSDR7,endpoint_id:IdeController#index,db_config_name:main,line:/lib/gitlab/web_ide/default_oauth_application.rb:33:in `block in ensure_oauth_application!'*/
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.
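The last validation step above (confirming the OAuth token in the Authorization header) can be checked across a whole session instead of one request. The following is an added example, not part of this MR or of GitLab's code: it audits a HAR export from the browser's network panel and lists API requests that do not carry a Bearer token. The host, the "/api/" path prefix, the Bearer scheme and all sample entries are assumptions constructed for illustration.

```javascript
// Constructed sample in HAR shape (log.entries[].request.{url, headers}).
const sampleHar = { log: { entries: [
  { request: { url: "https://gitlab.example.test/api/v4/projects/1/repository/files/README.md/raw",
      headers: [{ name: "authorization", value: "Bearer constructed-token" }] } },
  { request: { url: "https://gitlab.example.test/api/v4/projects/1/repository/tree",
      headers: [{ name: "Cookie", value: "session=constructed" }] } },
  { request: { url: "https://gitlab.example.test/assets/ide.js",
      headers: [{ name: "Cookie", value: "session=constructed" }] } },
  { request: { url: "https://gitlab.example.test/api/v4/user",
      headers: [{ name: "Authorization", value: "Basic Y29uc3RydWN0ZWQ=" }] } },
] } };

// HTTP header names are case-insensitive, so compare in lower case.
function headerValue(headers, name) {
  const hit = (headers || []).find((h) => h.name.toLowerCase() === name.toLowerCase());
  return hit ? hit.value : null;
}

// Classify one request: "ignored" (not an API call), "oauth" (Bearer token
// present), "other-scheme", "cookie-only" or "unauthenticated".
function classifyRequest(request, apiPrefix = "/api/") {
  const { pathname } = new URL(request.url);
  if (!pathname.startsWith(apiPrefix)) return "ignored";
  const auth = headerValue(request.headers, "authorization");
  if (auth && /^Bearer\s+\S+$/i.test(auth)) return "oauth";
  if (auth) return "other-scheme";
  return headerValue(request.headers, "cookie") ? "cookie-only" : "unauthenticated";
}

// Return every API request that is not authenticated with a Bearer token.
function auditHar(har, apiPrefix = "/api/") {
  const findings = [];
  for (const { request } of har.log.entries) {
    const verdict = classifyRequest(request, apiPrefix);
    if (verdict !== "ignored" && verdict !== "oauth") {
      findings.push({ url: request.url, verdict });
    }
  }
  return findings;
}

console.log(auditHar(sampleHar));
```

An empty result means every API request in the capture carried a Bearer token; any "cookie-only" finding is a request still relying on the session cookie.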