Allow API calls using an OIDC Bearer token #630

@herglotzmarco

What feature do you want to see added?

Use-Case
We want to perform calls against the Jenkins API to implement semi-automatic credential rotation for multiple services; however, for security reasons we don't want to use a static API token for this, as they never run out and need to be stored securely in Jenkins as well as in the other services. Additionally, this token would need to be rotated as well, effectively creating a cycle.

In our case, semi-automatic means the whole process is automated; however, a user needs to log in manually to "approve" the rotation. Logging in via the IDP is easy; however, we then have a Bearer Token in our hands that we cannot use to talk with the Jenkins API.

Suggestion
I understand that passing basic auth information is not feasible, as described in the plugin documentation, but is there any reason I cannot pass a Bearer Token? After all, the final result of the OIDC auth code flow would also be the token, so if I got that token from the IDP in whatever other way, I would assume that suffices to perform Jenkins API calls.

Upstream changes

No response

Are you interested in contributing this feature?

If there is no reason against this feature, I can probably help contribute this; it sounds easy enough given that API Tokens already work. Accepting Bearer Tokens is probably the same thing but with a different kind of validation.
