Add endpoint to get OAuth configuration for Workspaces HTTP Server

Issue: Add endpoint to get Workspaces HTTP Server conf... (#545064 - closed) • Chad Woolley • 18.4

What does this MR do and why?

Adds support for Workspaces OAuth app.

See Add endpoint to get Workspaces HTTP Server conf... (#545064 - closed) • Chad Woolley • 18.4 for details.

References

• See Add endpoint to get Workspaces HTTP Server conf... (#545064 - closed) • Chad Woolley • 18.4

Screenshots or screen recordings

N/A, API endpoint

Database query explains

Postgres.ai reports:

NOTE: Insert command is from existing Applications::CreateService code, but including here for completeness.

1. UPDATE "oauth_applications" SET "name" = 'GitLab Workspaces', "updated_at" = '2025-08-29 07:57:17.080088' WHERE "oauth_applications"."id" = 43
   • https://postgres.ai/console/gitlab/gitlab-production-main/sessions/42939/commands/131403

 ModifyTable on public.oauth_applications  (cost=0.42..3.44 rows=0 width=0) (actual time=0.327..0.328 rows=0 loops=1)
   Buffers: shared hit=43
   WAL: records=5 fpi=0 bytes=678
   I/O Timings: read=0.000 write=0.000
   ->  Index Scan using oauth_applications_pkey on public.oauth_applications  (cost=0.42..3.44 rows=1 width=530) (actual time=0.020..0.022 rows=1 loops=1)
         Index Cond: (oauth_applications.id = 43)
         Buffers: shared hit=6
         I/O Timings: read=0.000 write=0.000
Settings: random_page_cost = '1.5', seq_page_cost = '4', work_mem = '100MB', effective_cache_size = '472585MB', jit = 'off'

2. INSERT INTO "oauth_applications" ("name", "uid", "secret", "redirect_uri", "scopes", "created_at", "updated_at", "owner_type", "trusted") VALUES ('GitLab Workspaces', '0bf874848086201a0184f7931c35d8b56e2d7c82572e026e8daaec804ec0f6e7', '$pbkdf2-sha512$20000$$Vpb2GJh/dfrSBjDwqe7NtzUtrMNYnjoTlEfC26jpcRwuWjPJVmsO.bY3.ohs4sniwBQDtsrD00u816sVbaSDLg', 'http://gdk.test:3000/-/kubernetes-agent/workspaces/oauth/redirect', 'openid', '2025-07-31 22:20:43.544740', '2025-07-31 22:20:43.544740', 'Workspaces Internal', TRUE) RETURNING "id"
   • https://console.postgres.ai/gitlab/gitlab-production-main/sessions/42013/commands/128863

How to set up and validate locally

Full integration test

1. Test using integration branch with the commits from this MR copied in: Draft: Agentw Rails Integration MR for vtak - D... (!197262 - closed)
2. Docs for additional manual setup are in Add workspace tunnelling grpc service (gitlab-org/cluster-integration/gitlab-agent!2699 - merged) (work is in progress to get all of this configured automatically in the GDK).

Easier testing (skip KAS authentication)

If you just want to test the behavior in this MR without having to invoke it via KAS with the JWT authentication, you can do the following:

1. Comment out the line authenticate_gitlab_kas_request! in ee/lib/api/remote_development/internal/agent/agentw.rb
2. gdk restart rails-web
3. curl -v http://gdk.test:3000/api/v4/internal/agents/agentw/server_config

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.