Add latest changes from gitlab-org/gitlab@master

1 files changed, 19 insertions, 0 deletions

diff --git a/doc/integration/oauth_provider.md b/doc/integration/oauth_provider.md
index 5df6c4f28b7..12ce2314206 100644
--- a/doc/integration/oauth_provider.md
+++ b/doc/integration/oauth_provider.md
@@ -88,6 +88,25 @@ To create an application for your GitLab instance:
 When creating application in the **Admin Area** , you can mark it as _trusted_.
 The user authorization step is automatically skipped for this application.
 
+## Expiring Access Tokens
+
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/21745) in GitLab 14.3.
+
+By default, all new applications expire access tokens after 2 hours. In GitLab 14.2 and
+earlier, OAuth access tokens had no expiration.
+
+All integrations should update to support access token refresh.
+
+When creating new applications, you can opt-out of expiry for backward compatibility by clearing
+**Expire access tokens** when creating them. The ability to opt-out
+[is deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/340848).
+
+Existing:
+
+- Applications can have expiring access tokens. Edit the application and select
+  **Expire access tokens** to enable them. 
+- Tokens must be [revoked](../api/oauth2.md#revoke-a-token) or they don't expire.
+
 ## Authorized applications
 
 Every application you authorize with your GitLab credentials is shown