Add O11yToken class (!197515) · Merge requests · GitLab.org / GitLab

What does this MR do and why?

Add O11yToken class

This class is used to login to the O11y service and get JWT tokens. The tokens are used to authenticate requests to the O11y service.

Related MR Slicing

This MR is a slice of a feature that logs a user into the o11y service. Here are the related slices

Add O11yToken class (!197515 - merged) <- you are here
Add ObservabilityPresenter (!197533 - merged)
Update ObservabilityController to use presenter (!197535 - merged)
Log a user into the O11y service react app (!197536 - merged) <- full functionality here

Sequence diagram for this part of the process:

sequenceDiagram
    participant RC as Rails Controller
    participant OB as O11y Backend

    RC->>OB: POST /auth/login<br/>{email, password}
    OB-->>RC: 200 OK<br/>{jwt: "eyJ0eXAi..."}

Which is part of the login process used to authenticate a user in the O11y react app:

sequenceDiagram
    participant RC as Rails Controller
    participant OB as O11y Backend
    participant RV as Rails View
    participant VC as Vue Component
    participant RA as React App (iframe)

    RC->>OB: POST /auth/login<br/>{email, password}
    OB-->>RC: 200 OK<br/>{jwt: "eyJ0eXAi..."}
    
    RC->>RV: render view<br/>@data = tokens, encryption key...
    RV-->>RC: HTML with JWT in data attribute
    
    RC->>VC: serve page with<br/>Vue component
    RV->>VC: mount component<br/>data-jwt="eyJ0eXAi..."
    
    VC->>RA: create iframe<br/>src="app.html"
    RA-->>VC: iframe loaded<br/>ready event
    VC->>RA: postMessage<br/>{type: 'AUTH_TOKEN', jwt: 'eyJ0eXAi...'}
    RA-->>VC: postMessage<br/>{type: 'AUTH_SUCCESS'}

References

Update login process to use observability_group_o11y_setting table

Screenshots or screen recordings

No UI changes

Before	After

How to set up and validate locally

In rails console enable the feature flag and set the group settings (Replace YOUR_EMAIL)

group = Group.find_by_path('toolbox')
Feature.enable(:observability_sass_features, group)
group.create_observability_group_o11y_setting!(
   o11y_service_url: "http://localhost:8080",
   o11y_service_user_email: YOUR_EMAIL,
   o11y_service_password: "passwordmcpasswordface",
   o11y_service_post_message_encryption_key: "your-super-secret-encryption-key-here-32-chars-minimum",
)

Keep this console session open to re-use later

Get an instance of GitLab O11y running locally
1. Install Docker Desktop if you haven't already.
2. Download GitLab O11y's docker compose file
3. Replace YOUR_EMAIL with your email and start everything

 O11Y_ENCRYPTION_KEY=your-production-encryption-key-here-32-chars-minimum O11Y_EMAIL=YOUR_EMAIL O11Y_PASSWORD=passwordmcpasswordface ALLOWED_ORIGINS="http://localhost:3000" O11Y_NAME=O11y ORG_DISPLAY_NAME=GitLab docker compose -f docker-compose.yaml up -d

This should create a new user and organization in the O11y service that will be used to login.

Open the o11y service in your browser http://localhost:8080/ and make sure it's running - you should see a login screen - not an account creation screen
Use the O11yToken class in your console session

Observability::O11yToken.generate_tokens(group.observability_group_o11y_setting)

This should output something like:

=> {:userId=>"0197c339-9c95-72df-8ae7-7bd84c4ce754",
 :accessJwt=>"eyJhb...",
 :refreshJwt=>"eyJhbG..."}

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited Jul 12, 2025 by Dakota Dux