Every job has a dedicated job token
Job tokens can be used to authenticate:
Job token inherits the access level of triggering user
When using schedules the creator of the schedule is used
Configure the allowlist for foreign job tokens
Breaking change in behavior of token scope
Allowlist of projects a token is allowed to access
Defined outgoing permissions
Allowlist of projects to allow access from
Defines incoming access
Works if cloned project is public or internal