Implement new PAT API endpoint 'id'
What does this MR do and why?
Fixes #362239 (closed)
Adds a new endpoint to personal access token (PAT) API to get a single PAT by its id.
The api route is /personal_access_tokens/:id
Examples
Admin PAT = y4m_EVDK2Mbg-RDSBZgN
User PAT = kG9Biwc4393jdhfekr7oWhen accessing the own PAT
curl --header "PRIVATE-TOKEN: kG9Biwc4393jdhfekr7o" "https://gitlab.example.com/api/v4/personal_access_tokens/6[
{
"id": 6,
"name": "Test Token",
"revoked": false,
"created_at": "2022-01-01T14:31:47.729Z",
"scopes": [
"api"
],
"user_id": 40,
"last_used_at": "2022-05-18T17:58:37.550Z",
"active": true,
"expires_at": null
}
]When trying to access a foreign PAT as non-administrator
curl --header "PRIVATE-TOKEN: kG9Biwc4393jdhfekr7o" "https://gitlab.example.com/api/v4/personal_access_tokens/1{ "message": "401 Unauthorized" }When trying to access a foreign PAT as administrator
curl --header "PRIVATE-TOKEN: y4m_EVDK2Mbg-RDSBZgN" "https://gitlab.example.com/api/v4/personal_access_tokens/6[
{
"id": 6,
"name": "Test Token",
"revoked": false,
"created_at": "2022-01-01T14:31:47.729Z",
"scopes": [
"api"
],
"user_id": 40,
"last_used_at": "2022-05-18T17:58:37.550Z",
"active": true,
"expires_at": null
}
]When trying to access a PAT which does not exist either as administrator or non-administrator
curl --header "PRIVATE-TOKEN: y4m_EVDK2Mbg-RDSBZgN" "https://gitlab.example.com/api/v4/personal_access_tokens/1000{ "message": "401 Unauthorized" }How to set up and validate locally
- Create a PAT token
- Run the following command
curl --request GET --header "PRIVATE-TOKEN: <your_access_token>" https://gitlab.example.com/api/v4/personal_access_tokens/<id>MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
-
I have evaluated the MR acceptance checklist for this MR.
Edited by Andreas Deicha