Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2021-08-05 06:10:19 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2021-08-05 06:10:19 +0300
commit: 24fca3804098db8d0083d35db1975d198467e9b8 (patch)
tree: d205c2c080897c5d2334a91d374899e014baf474 /doc/api/index.md
parent: dbc4b385d2c5577e82fe9cb63532f7f5ce23a9ea (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/doc/api/index.md b/doc/api/index.md
index d9b7afc2dc8..4048a27b81f 100644
--- a/doc/api/index.md
+++ b/doc/api/index.md
@@ -166,6 +166,11 @@ curl --header "Authorization: Bearer OAUTH-TOKEN" "https://gitlab.example.com/ap
 
 Read more about [GitLab as an OAuth2 provider](oauth2.md).
 
+NOTE:
+We recommend that OAuth access tokens have an expiration. You can use a `refresh_token` to refresh tokens. Integrations may need to be updated to refresh tokens prior to expiration, which is based on the [expires_in](https://datatracker.ietf.org/doc/html/rfc6749#appendix-A.14) property in the token endpoint response.  
+
+A default refresh setting of two hours is tracked in [this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/336598).
+
 ### Personal/project access tokens
 
 You can use access tokens to authenticate with the API by passing it in either
author	GitLab Bot <gitlab-bot@gitlab.com>	2021-08-05 06:10:19 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2021-08-05 06:10:19 +0300
commit	24fca3804098db8d0083d35db1975d198467e9b8 (patch)
tree	d205c2c080897c5d2334a91d374899e014baf474 /doc/api/index.md
parent	dbc4b385d2c5577e82fe9cb63532f7f5ce23a9ea (diff)