Commit 6cf4cec4 authored by Drew Blessing's avatar Drew Blessing Committed by Evan Read

Update documentation for expiring OAuth2 access tokens

parent 01241b2e
...@@ -412,6 +412,16 @@ prevent breaking changes introduced in [doorkeeper 5.0.2](https://github.com/doo ...@@ -412,6 +412,16 @@ prevent breaking changes introduced in [doorkeeper 5.0.2](https://github.com/doo
Don't rely on these fields as they are slated for removal in a later release. Don't rely on these fields as they are slated for removal in a later release.
## Revoke a token
To revoke a token, use the `revoke` endpoint. The API returns a 200 response code and an empty
JSON hash to indicate success.
```ruby
parameters = 'client_id=APP_ID&client_secret=APP_SECRET&token=TOKEN'
RestClient.post 'https://gitlab.example.com/oauth/revoke', parameters
```
## OAuth 2.0 tokens and GitLab registries ## OAuth 2.0 tokens and GitLab registries
Standard OAuth 2.0 tokens support different degrees of access to GitLab Standard OAuth 2.0 tokens support different degrees of access to GitLab
......
...@@ -88,6 +88,25 @@ To create an application for your GitLab instance: ...@@ -88,6 +88,25 @@ To create an application for your GitLab instance:
When creating application in the **Admin Area** , you can mark it as _trusted_. When creating application in the **Admin Area** , you can mark it as _trusted_.
The user authorization step is automatically skipped for this application. The user authorization step is automatically skipped for this application.
## Expiring Access Tokens
> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/21745) in GitLab 14.3.
By default, all new applications expire access tokens after 2 hours. In GitLab 14.2 and
earlier, OAuth access tokens had no expiration.
All integrations should update to support access token refresh.
When creating new applications, you can opt-out of expiry for backward compatibility by clearing
**Expire access tokens** when creating them. The ability to opt-out
[is deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/340848).
Existing:
- Applications can have expiring access tokens. Edit the application and select
**Expire access tokens** to enable them.
- Tokens must be [revoked](../api/oauth2.md#revoke-a-token) or they don't expire.
## Authorized applications ## Authorized applications
Every application you authorize with your GitLab credentials is shown Every application you authorize with your GitLab credentials is shown
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment