Only allow documented token types for GraphQL authentication
What does this MR do and why?
Backport of !150407 (merged) to 16.11
Only allow documented token types for GraphQL authentication
Currently, some token types besides those documented in the Token authentication section of the GraphQL docs can be used to authenticate a user for GraphQL. This MR ensures that only the documented token types are usable, once the associated feature flag is enabled.
Changelog: fixed
Related to #442520 Relates to https://gitlab.com/gitlab-org/release/tasks/-/issues/11141+
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
This MR is backporting a bug fix, documentation update, or spec fix, previously merged in the default branch. -
The MR that fixed the bug on the default branch has been deployed to GitLab.com (not applicable for documentation or spec changes). -
This MR has a severity label assigned (if applicable). -
Set the milestone of the merge request to match the target backport branch version. -
This MR has been approved by a maintainer (only one approval is required). -
Ensure the e2e:package-and-test-ee
job has either succeeded or been approved by a Software Engineer in Test.
Note to the merge request author and maintainer
If you have questions about the patch release process, please:
- Refer to the patch release runbook for engineers and maintainers for guidance.
- Ask questions on the
#releases
Slack channel (internal only).
Edited by Jenny Kim