From 24fca3804098db8d0083d35db1975d198467e9b8 Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Thu, 5 Aug 2021 03:10:19 +0000
Subject: Add latest changes from gitlab-org/gitlab@master

---
 doc/api/index.md | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'doc/api')

diff --git a/doc/api/index.md b/doc/api/index.md
index d9b7afc2dc8..4048a27b81f 100644
--- a/doc/api/index.md
+++ b/doc/api/index.md
@@ -166,6 +166,11 @@ curl --header "Authorization: Bearer OAUTH-TOKEN" "https://gitlab.example.com/ap
 
 Read more about [GitLab as an OAuth2 provider](oauth2.md).
 
+NOTE:
+We recommend that OAuth access tokens have an expiration. You can use a `refresh_token` to refresh tokens. Integrations may need to be updated to refresh tokens prior to expiration, which is based on the [expires_in](https://datatracker.ietf.org/doc/html/rfc6749#appendix-A.14) property in the token endpoint response.  
+
+A default refresh setting of two hours is tracked in [this issue](https://gitlab.com/gitlab-org/gitlab/-/issues/336598).
+
 ### Personal/project access tokens
 
 You can use access tokens to authenticate with the API by passing it in either
-- 
cgit v1.2.3