Introduce token authentication with OIDC token
What does this MR do and why?
This MR adds a new authentication provider using the JWT token for the v2/completions
endpoint. This authentication method uses JWKs available via the OIDC
configuration endpoint to verify the signature. The JWKs key is cached for
24 hours.
The new authentication methods are assigned in the MiddlewareAuthentication
as follows:
- VSCode (default): use OAuth/PAT token authentication
- Web IDE (with X-Gitlab-Authentication-Type="oidc"): use JWT token authentication
Block highlighted in #e9967a is part of this MR.
Related to #56 (closed)
How to test locally
1. Check out this branch
2. Get a JWT token by running the following command on this GitLab branch.

       jwt_token = Gitlab::CodeSuggestions::AccessToken.new.encoded

3. Update the .env file in the root folder with the following variables.

       AUTH_BYPASS_EXTERNAL=false
       TRITON_HOST=localhost
       TRITON_PORT=8080
       FASTAPI_DOCS_URL=/docs
       FASTAPI_OPENAPI_URL=/openapi.json
       FASTAPI_API_PORT=5052
       GITLAB_URL="http://gdk.test:3000/"
       GITLAB_API_URL="http://gdk.test:3000/api/v4/"

4. Build a local Docker image

       docker buildx build --platform linux/amd64 -t code-suggestions-api:dev .

5. Run the local Docker image (can be replaced with Docker Compose).

       docker run --platform linux/amd64 --rm -p 5052:5052 -v $PWD:/app -it code-suggestions-api:dev

6. Run a cURL command to check the authentication, using the jwt_token generated in Step 2.

       curl -vvv --request POST \
         --url http://localhost:5999/v2/completions \
         --header 'Content-Type: application/json' \
         --header 'X-Gitlab-Authentication-Type: oidc' \
         --header 'authorization: Bearer <jwt_token>' \
         --data '{
           "prompt_version": 1,
           "project_path": "awesome_project",
           "project_id": 23,
           "current_file": {
             "file_name": "main.py",
             "content_above_cursor": "\"\"\"\nImplement fastapi middleware to log all incoming requests\"\"\"\n",
             "content_below_cursor": "scoopy doo"
           }
         }'

7. We should see a 500 response since the authentication has passed but the model gateway fails to call an unavailable Triton server.
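
The check described in this MR (JWT signature verified against JWKs that are cached for 24 hours), sketched as an added example that is not the MR's own code. `JwksCache`, `verify`, `sign`, the injected `fetch` callable, the RS256 algorithm and the toy key are assumptions chosen so it runs offline with the standard library; a service would use a maintained JWT library instead of hand-rolled RSA.

```python
import base64, hashlib, json, time
JWKS_TTL = 24 * 60 * 60  # the MR caches the JWKs for 24 hours
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")  # DigestInfo, RFC 8017 9.2

def b64d(s):  # base64url decode, restoring stripped padding
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def emsa(msg, k):  # EMSA-PKCS1-v1_5 encoding of msg as a k-byte integer
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return int.from_bytes(b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t, "big")

class JwksCache:
    def __init__(self, fetch, now=time.time):
        self.fetch, self.now, self.keys, self.expires = fetch, now, {}, 0.0
    def key(self, kid):
        if self.now() >= self.expires:  # refetch only once the TTL has elapsed
            self.keys = {k["kid"]: k for k in self.fetch()["keys"]}
            self.expires = self.now() + JWKS_TTL
        return self.keys.get(kid)

def verify(token, cache, now=time.time):
    h64, p64, s64 = token.split(".")
    header = json.loads(b64d(h64))
    if header.get("alg") != "RS256":  # pin the algorithm, ignore what the token asks for
        raise ValueError("unexpected alg")
    jwk = cache.key(header.get("kid"))
    if jwk is None:
        raise ValueError("unknown kid")
    n, e = (int.from_bytes(b64d(jwk[f]), "big") for f in ("n", "e"))
    k, sig = (n.bit_length() + 7) // 8, b64d(s64)
    if len(sig) != k or pow(int.from_bytes(sig, "big"), e, n) != emsa(f"{h64}.{p64}".encode(), k):
        raise ValueError("bad signature")
    claims = json.loads(b64d(p64))
    if claims.get("exp", 0) <= now():  # a valid signature on a stale token is still a reject
        raise ValueError("expired")
    return claims

# Constructed toy key from two Mersenne primes: demo only, not secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
JWKS = {"keys": [{"kid": "demo", "kty": "RSA", "n": b64e(N.to_bytes(141, "big")), "e": b64e(E.to_bytes(3, "big"))}]}

def sign(claims, alg="RS256"):  # builds constructed sample tokens for the demo
    head, body = (b64e(json.dumps(x).encode()) for x in ({"alg": alg, "kid": "demo"}, claims))
    sig = pow(emsa(f"{head}.{body}".encode(), 141), D, N)
    return f"{head}.{body}." + b64e(sig.to_bytes(141, "big"))
```

With a 24-hour cache, a token signed by a key rotated in after the last fetch is rejected as "unknown kid" until the cache expires, which is worth accounting for when planning key rotation.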