Send Arkose Data Exchange payload on signup
What does this MR do and why?
Resolves Implement sending Data Exchange payload to Arkose Labs task of https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/529+.
This MR implements ArkoseLabs Data Exchange feature in signup flow.
Data Exchange lets Arkose customers pass extra telemetry data ... between their servers and Arkose Labs servers. This happens when a new Arkose session is created. By augmenting the data Arkose Labs already collects with data that only our customers can collect, we can improve the Platform’s effectiveness. The data is sent with each parameter/value pair as an element in an overall JSON structure. It is encrypted with an AES-256-GCM cipher to prevent data tampering.
Screenshots or screen recordings
Screen_Recording_2023-12-18_at_2.42.24_PM
How to set up and validate locally
-
Enable the relevant feature flags
> Feature.enable(:arkose_labs_signup_challenge) > Feature.enable(:arkose_labs_signup_data_exchange) -
Configure application settings
> ApplicationSetting.first.update(arkose_labs_public_api_key: "XXX", arkose_labs_private_api_key: "YYY", ) > ApplicationSetting.first.update(arkose_labs_data_exchange_key: "ZZZ")Note: credentials are in 1Password under
ArkoseLabs API keys (DEVELOPMENT) -
Monitor logs. In your terminal,
tail -f log/application_json.log -
Register a new user
-
On the logs, search for
"message":"Arkose verify response" -
On the same log entry, verify that
"arkose.data_exchange_blob_received":true,"arkose.data_exchange_blob_decrypted":trueis present
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.