author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-08-29 12:10:26 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-08-29 12:10:26 +0300 |
commit | 7bb7575c608f39a547b70b48d1101b23f22a16b7 (patch) | |
tree | 007d7ce93374a943e395f142233ea6a8e4caec58 /doc/integration | |
parent | 7131c9e2e9a00fe7aa7499799a536443fc4fd54a (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/integration')
-rw-r--r-- | doc/integration/oauth_provider.md | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/doc/integration/oauth_provider.md b/doc/integration/oauth_provider.md index 808a55bf0a3..8a3a7f4cea5 100644 --- a/doc/integration/oauth_provider.md +++ b/doc/integration/oauth_provider.md 
@@ -115,16 +115,27 @@ At any time you can revoke any access by selecting **Revoke**. > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/21745) in GitLab 14.3, with the ability to opt out. > - Ability to opt-out of expiring access token [removed](https://gitlab.com/gitlab-org/gitlab/-/issues/340848) in GitLab 15.0. +> - Database validation on `expires_in` [introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/112765) in GitLab 15.10. If your GitLab instance has any remaining OAuth Access Tokens without `expires_in` set when you are upgrading to 15.10 or later, the database migration will raise an error. For workaround instructions, see the [GitLab 15.10.0 upgrade documentation](../update/versions/gitlab_15_changes.md#15100). WARNING: The ability to opt out of expiring access tokens was [deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/340848) in GitLab 14.3 and [removed](https://gitlab.com/gitlab-org/gitlab/-/issues/340848) in 15.0. All existing integrations must be updated to support access token refresh. -Access tokens expire after two hours. Integrations that use access tokens must generate new ones at least every -two hours. +Access tokens expire after two hours. Integrations that use access tokens must +generate new ones using the `refresh_token` attribute. Refresh tokens may be +used even after the `access_token` itself expires. +See [OAuth 2.0 token documentation](../api/oauth2.md) for more detailed +information on how to refresh expired access tokens. -When applications are deleted, all grants and tokens associated with the application are also deleted. +This expiration setting is set in the GitLab codebase using the +`access_token_expires_in` configuration from +[Doorkeeper](https://github.com/doorkeeper-gem/doorkeeper), the library that +provides GitLab as an OAuth provider functionality. The expiration setting is +not configurable. 
+ +When applications are deleted, all grants and tokens associated with the +application are also deleted. ## Hashed OAuth application secrets |
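
Review bot: The added sentence "Refresh tokens may be used even after the `access_token` itself expires" in the rewritten expiry paragraph puts no bound on the refresh token itself. A reader cannot tell from this text whether a refresh token expires, is invalidated once used, or is revoked together with the access token, so please state that here or link to the specific part of `../api/oauth2.md` that covers it. Two smaller points: the upgrade-blocking migration error for tokens without `expires_in` is only mentioned in the version-history bullet, and would be easier to find in the existing WARNING block; and "the library that provides GitLab as an OAuth provider functionality" reads awkwardly, consider "the library that provides GitLab's OAuth provider functionality".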