Yehowshua/ZIm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

collab: Add ability to revoke LLM service access tokens (#16143)

Browse source 
This PR adds the ability to revoke access tokens for the LLM service.

There is a new `revoked_access_tokens` table that contains the
identifiers (`jti`) of revoked access tokens.

To revoke an access token, insert a record into this table:

```sql
insert into revoked_access_tokens (jti) values ('1e887b9e-37f5-49e8-8feb-3274e5a86b67');
```

We now attach the `jti` as `authn.jti` to the tracing spans so that we
can associate an access token with a given request to the LLM service.

Release Notes:

- N/A
This commit is contained in:
Marshall Bowers 2024-08-12 21:47:05 -04:00 committed by GitHub
parent 0bc9fc9487
commit b4c22cc861
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
8 changed files with 54 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

7
crates/collab/migrations_llm/20240813002237_add_revoked_access_tokens_table.sql Normal file
View file

@ -0,0 +1,7 @@
create table revoked_access_tokens (
id serial primary key,
jti text not null,
revoked_at timestamp without time zone not null default now()
);
create unique index uix_revoked_access_tokens_on_jti on revoked_access_tokens (jti);