chore: encode instance ID in UJWT and validate header
What does this merge request do and why?
This MR encodes the instance id in the UJWT. This is a necessary step in being able to validate the instance ID header. The instance header should always be there, the first time this endpoint was called by gitlab-rails, we send over the cloud connector headers, which includes the instance id ( see https://gitlab.com/gitlab-org/gitlab/-/blob/17e193be536a51da320a737a45e351cf2cddfa9a/ee/lib/api/helpers/cloud_connector.rb )
How to set up and validate locally
Call the /user_access_token
endpoint and decode the token (e.g. with jwt.io) and ensure the instance ID is a custom claim in the token.
Merge request checklist
-
Tests added for new functionality. If not, please raise an issue to follow up. -
Documentation added/updated, if needed.
Closes #621 Closes #622
Edited by Roy Zwambag