Skip to content

Add controllers and frontend for DPoP

Ameya Darshanrequested to merge
ameya-dpop-ui into master

What does this MR do and why?

This MR adds the controller and frontend code for Add DPoP checks in GraphQL and API requests (!169013 - merged).

Related to Sender constraining personal access tokens (#425130 - closed).

References

See the epic (Allow users to require demonstrated proof of po... (&14383)) for context, pre-work, and other related issues.

Screenshots or screen recordings

When dpop_authentication FF is disabled:

Screenshot_2025-02-11_at_11.18.57

When :dpop_authentication FF is enabled:

Screenshot_2025-02-11_at_11.20.03

How to set up and validate locally

  1. Checkout this branch locally.
  2. Run bin/rails db:migrate
  3. In rails console, enable the feature flag: Feature.enable(:dpop_authentication, User.first)
  4. Login as root.
  5. Go to Settings > Access tokens > Toggle the DPoP option.
  6. Confirm it persists in the database User.first.dpop_enabled and also on the frontend after refreshing the page.
Edited by Ameya Darshan

Merge request reports