Add a prefix to SCIM tokens behind a feature flag
Prefixes SCIM OAuth Access Tokens with `glsoat-` following the guidance at https://docs.gitlab.com/ee/development/secure_coding_guidelines.html#token-prefixes.

GitLab applies a prefix to some of its generated secrets. For example, a Personal Access Token begins with `glpat-`. This MR adds a prefix to SCIM Tokens. It also updates our frontend secret detection which helps prevent users from leaking tokens via Issue / MR comments.

SCIM tokens can belong to a Group, or have no Group and be an instance token. These tokens are used to authenticate against the APIs described at https://docs.gitlab.com/ee/development/internal_api/#group-scim-api and https://docs.gitlab.com/ee/development/internal_api/#instance-scim-api respectively.

A feature flag is being used to reduce the risk of breaking third-party integrations, which might have made assumptions about the format of GitLab's SCIM tokens remaining static. See https://gitlab.com/gitlab-org/gitlab/-/issues/435096#note_1691498327 for discussion.

Resolves https://gitlab.com/gitlab-org/gitlab/-/issues/435096

Changelog: changed
EE: true
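The two halves of the change described above, as an added illustration rather than GitLab's own code: a flag-gated token generator that only emits the `glsoat-` prefix when `prefix_scim_tokens` is on, and a detection pattern of the kind a client-side secret scanner would use to catch a prefixed token pasted into a comment. The `FeatureFlags` class, the 20-character random part and the exact regex are assumptions for the example.

```ruby
require 'securerandom'

# Constructed example (not GitLab's code): prefix SCIM tokens behind a
# feature flag and detect prefixed tokens in free text such as a comment.

SCIM_TOKEN_PREFIX = 'glsoat-' # prefix named in the commit message

# Hypothetical in-memory flag store standing in for a real feature-flag check.
class FeatureFlags
  def initialize(flags = {})
    @flags = flags
  end

  def enabled?(name)
    @flags.fetch(name, false)
  end
end

# Build a token. The random part is opaque; the prefix is only added when
# the flag is on, so integrations that assumed the old shape keep working.
def generate_scim_token(flags, random_part = SecureRandom.alphanumeric(20))
  return random_part unless flags.enabled?(:prefix_scim_tokens)

  "#{SCIM_TOKEN_PREFIX}#{random_part}"
end

# Assumed detection shape: the prefix followed by at least 20 token characters.
# An unprefixed token is indistinguishable from any other random string, which
# is exactly why the prefix makes client-side leak detection possible.
SCIM_TOKEN_PATTERN = /\bglsoat-[A-Za-z0-9_-]{20,}\b/

# Every token-looking substring in a block of text (e.g. an issue comment).
def find_scim_tokens(text)
  text.scan(SCIM_TOKEN_PATTERN)
end

def contains_scim_token?(text)
  !find_scim_tokens(text).empty?
end
```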
- .gitleaksignore: 1 addition, 0 deletions
- app/assets/javascripts/lib/utils/secret_detection.js: 4 additions, 0 deletions
- config/feature_flags/development/prefix_scim_tokens.yml: 8 additions, 0 deletions
- config/gitleaks.toml: 1 addition, 0 deletions
- doc/security/token_overview.md: 1 addition, 0 deletions
- ee/app/models/scim_oauth_access_token.rb: 7 additions, 1 deletion
- ee/spec/models/scim_oauth_access_token_spec.rb: 18 additions, 0 deletions
- spec/frontend/lib/utils/secret_detection_spec.js: 1 addition, 0 deletions