Skip to content

G
gitlab-ce
Commit 81b9dae9 authored by Evan Read's avatar Evan Read
Browse files
Options

Merge branch 'ogolowinski-master-patch-85600' into 'master' 

Added to Docs Recommendation for access token expiration

See merge request gitlab-org/gitlab!67040
parents 08e9702a 8521c9e8
Hide whitespace changes
Inline Side-by-side
Showing with 5 additions and 0 deletions
doc/api/index.md
View file @ 81b9dae9
...@@ -166,6 +166,11 @@ curl --header "Authorization: Bearer OAUTH-TOKEN" "https://gitlab.example.com/ap ...@@ -166,6 +166,11 @@ curl --header "Authorization: Bearer OAUTH-TOKEN" "https://gitlab.example.com/ap
Read more about [GitLab as an OAuth2 provider](oauth2.md). Read more about [GitLab as an OAuth2 provider](oauth2.md).
NOTE:
We recommend that OAuth access tokens have an expiration. You can use a `refresh_token` to refresh tokens. Integrations may need to be updated to refresh tokens prior to expiration, which is based on the [expires_in](https://datatracker.ietf.org/doc/html/rfc6749#appendix-A.14) property in the token endpoint response.
A default refresh setting of two hours is tracked in [this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/336598).
### Personal/project access tokens ### Personal/project access tokens
You can use access tokens to authenticate with the API by passing it in either You can use access tokens to authenticate with the API by passing it in either
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7