diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-08-05 06:10:19 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-08-05 06:10:19 +0300 |
commit | 24fca3804098db8d0083d35db1975d198467e9b8 (patch) | |
tree | d205c2c080897c5d2334a91d374899e014baf474 /doc/api/index.md | |
parent | dbc4b385d2c5577e82fe9cb63532f7f5ce23a9ea (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/api/index.md')
-rw-r--r-- | doc/api/index.md | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/doc/api/index.md b/doc/api/index.md index d9b7afc2dc8..4048a27b81f 100644 --- a/doc/api/index.md +++ b/doc/api/index.md @@ -166,6 +166,11 @@ curl --header "Authorization: Bearer OAUTH-TOKEN" "https://gitlab.example.com/ap Read more about [GitLab as an OAuth2 provider](oauth2.md). +NOTE: +We recommend that OAuth access tokens have an expiration. You can use a `refresh_token` to refresh tokens. Integrations may need to be updated to refresh tokens prior to expiration, which is based on the [expires_in](https://datatracker.ietf.org/doc/html/rfc6749#appendix-A.14) property in the token endpoint response. + +A default refresh setting of two hours is tracked in [this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/336598). + ### Personal/project access tokens You can use access tokens to authenticate with the API by passing it in either |