Allow projects to be fetched by ai_workflows token
What does this MR do and why?
Allows public projects to be fetched by ai_workflows OAuth token.
Background
Duo workflow service has a tool to fetch project information from the GitLab API. It's using an OAuth token with the ai_workflows scope. However, these requests currently fail with an insufficient scope error. This is despite the fact that no auth is required to fetch public projects.
MR acceptance checklist
Please evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Screenshots or screen recordings
Before (without token)
curl -XGET http://gdk.test:3000/api/v4/projects/43 | jq
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 772 100 772 0 0 13220 0 --:--:-- --:--:-- --:--:-- 13310
{
"id": 43,
"description": null,
"name": "duo test",
...
}
Before (with token)
curl -XGET http://gdk.test:3000/api/v4/projects/43 -H "Authorization: Bearer [token-with-scope-ai_workflows]" | jq
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 149 100 149 0 0 1711 0 --:--:-- --:--:-- --:--:-- 1732
{
"error": "insufficient_scope",
"error_description": "The request requires higher privileges than provided by the access token.",
"scope": "api read_api"
}
After (with token)
curl -XGET http://gdk.test:3000/api/v4/projects/43 -H "Authorization: Bearer [token-with-scope-ai_workflows]" | jq
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 4982 100 4982 0 0 6944 0 --:--:-- --:--:-- --:--:-- 6948
{
"id": 43,
"description": null,
"name": "duo test",
...
How to set up and validate locally
Numbered steps to set up and validate the change are strongly suggested.
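The before/after comparison shown above can be turned into a repeatable check. This Python sketch is an added example, not part of the MR or of GitLab's code: `fetch` and `compare` are hypothetical helpers, and the sample responses are constructed from the output above (the 403 status and the `visibility` field are assumptions).

```python
import json
import urllib.error
import urllib.request


def fetch(url, token=None):
    """GET url, optionally with a Bearer token; return (status, JSON body)."""
    req = urllib.request.Request(url)
    if token:
        req.add_header("Authorization", f"Bearer {token}")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except urllib.error.HTTPError as err:
        return err.code, json.load(err)  # the OAuth error arrives as a JSON body


def compare(anon, scoped):
    """Compare anonymous and scoped-token (status, body) pairs for one project."""
    (anon_status, anon_body), (tok_status, tok_body) = anon, scoped
    result = {"verdict": "ok", "required_scope": [], "extra_fields": []}
    if anon_status != 200:
        # Not anonymously readable, so the public-project check does not apply.
        result["verdict"] = "not_public"
    elif tok_body.get("error") == "insufficient_scope":
        # The "before" behaviour: the token does worse than no token at all.
        result["verdict"] = "rejected"
        result["required_scope"] = tok_body.get("scope", "").split()
    elif tok_status != 200:
        result["verdict"] = "token_worse_than_anonymous"
    else:
        # Fields the token sees beyond the anonymous view, listed for review.
        result["extra_fields"] = sorted(set(tok_body) - set(anon_body))
    return result


# Constructed samples modelled on the curl output in this MR.
ANON = (200, {"id": 43, "description": None, "name": "duo test"})
BEFORE_TOKEN = (403, {"error": "insufficient_scope",  # 403 is an assumption
                      "error_description": "The request requires higher "
                      "privileges than provided by the access token.",
                      "scope": "api read_api"})
AFTER_TOKEN = (200, {"id": 43, "description": None, "name": "duo test",
                     "visibility": "public"})  # constructed extra field

if __name__ == "__main__":
    print("before:", compare(ANON, BEFORE_TOKEN))
    print("after: ", compare(ANON, AFTER_TOKEN))
```

Against a running instance, pass `fetch(url)` and `fetch(url, token)` as the two arguments to `compare`.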