Diffstat (limited to 'doc/integration/oauth_provider.md')
-rw-r--r-- | doc/integration/oauth_provider.md | 25 |
1 files changed, 12 insertions, 13 deletions
diff --git a/doc/integration/oauth_provider.md b/doc/integration/oauth_provider.md index ff144d9985b..adfb2fad941 100644 --- a/doc/integration/oauth_provider.md +++ b/doc/integration/oauth_provider.md @@ -1,6 +1,6 @@ --- stage: Manage -group: Authentication & Authorization +group: Authentication and Authorization info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments --- 
@@ -86,25 +86,24 @@ To create an application for your GitLab instance: When creating application in the **Admin Area** , you can mark it as _trusted_. The user authorization step is automatically skipped for this application. -## Expiring Access Tokens +## Expiring access tokens > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/21745) in GitLab 14.3. -By default, all new applications expire access tokens after 2 hours. In GitLab 14.2 and -earlier, OAuth access tokens had no expiration. +WARNING: +The ability to opt-out of expiring access tokens [is deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/340848). +All existing integrations should be updated to support access token refresh. -All integrations should update to support access token refresh. +Access tokens expire in two hours which means that integrations that use them must support generating new access +tokens at least every two hours. Existing: -When creating new applications, you can opt-out of expiry for backward compatibility by clearing -**Expire access tokens** when creating them. The ability to opt-out -[is deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/340848). - -Existing: - -- Applications can have expiring access tokens. Edit the application and select - **Expire access tokens** to enable them. +- Applications can have expiring access tokens: + 1. Edit the application. + 1. Select **Expire access tokens**. - Tokens must be [revoked](../api/oauth2.md#revoke-a-token) or they don't expire. +When applications are deleted, all grants and tokens associated with the application are also deleted. + ## Authorized applications Every application you authorize with your GitLab credentials is shown |
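Review bot: in the second hunk (`@@ -86,25 +86,24 @@`), the new sentence "Access tokens expire in two hours" is stated without qualification, yet the retained bullet under the bare "Existing:" label still says "Tokens must be revoked or they don't expire", so the section now reads as contradicting itself. The removed sentence "In GitLab 14.2 and earlier, OAuth access tokens had no expiration" was the only context that explained which tokens the bullet is about, and the removed paragraph was the only place that said how the opt-out is done (clearing **Expire access tokens**), which the new WARNING refers to without explaining. I'd suggest keeping one sentence of that history and making the label say what is existing, for example "For applications created before expiry became the default:", so a reader can tell which tokens still need explicit revocation. Two wording points in the added lines: "opt-out of" used as a verb should be "opt out of", and "in two hours which means" needs a comma before "which".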