Add "self" endpoints for token self_rotation (!142664) · Merge requests · GitLab.org / GitLab

Stéphane Talbot requested to merge stalb/gitlab:feature/self-pat-rotate into master Jan 24, 2024

What does this MR do and why?

Adds a new API to PAT
The api route is /personal_access_tokens/self/rotate
Rotate the PAT token that is present in the header of the request, with the key PRIVATE-TOKEN
With this MR only PAT with the api scope will be able to rotate themselves

Self rotation of a GrAT/PrAT or a non api PAT could be added later as discussed in

#426779 (closed)
#430748

Screenshots or screen recordings

How to set up and validate locally

Create a PAT token with api scope
Run the following command

curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/personal_access_tokens/self/rotate"

MR acceptance checklist

Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited Jan 31, 2024 by Stéphane Talbot

Add "self" endpoints for token self_rotation

What does this MR do and why?

Screenshots or screen recordings

How to set up and validate locally

MR acceptance checklist

Merge request reports