feat: add oauth handling to service and use extension authentication (!11) · Merge requests · GitLab.org / Application Security Testing Stage / SAST IDE Integration

Jason Leasure requested to merge jleasure/auth into main Jul 25, 2024

What does this MR do?

The GitLab Workflow Extension handles a number of authentication scenarios, including the use of oauth2 and PATs. The scanner service currently only supports PATs with a hack to the extension that requests a PAT each session.

This change updates the service to accept oauth tokens and re-uses the workflow extension's credentials so that team members only need to setup of the GitLab Workflow Extension once.

The components MRs are for the branches named sast-ide_auth

feat(sast-ide): add oauth handling (gitlab-org/gitlab-vscode-extension!1791 - merged) • Jason Leasure • 17.3
SAST scanner service: add oauth handling (gitlab-org/security-products/analyzers/semgrep!468 - merged) • Jason Leasure • 17.3

What are the relevant issue numbers?

Authentication and Authorization for real-time ... (gitlab-org/gitlab#467934 - closed) • Julian Thome, Jason Leasure • Next 1-3 releases

Edited Jul 25, 2024 by Jason Leasure

feat: add oauth handling to service and use extension authentication

What does this MR do?

What are the relevant issue numbers?

Merge request reports