manage-oauth-access-token-does-not-have-an-expiration.yml 710 Bytes
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
---
features:
  secondary:
  - name: "OAuth access tokens issued with expiration by default"
    available_in: [core, starter, premium, ultimate]
    gitlab_com: true
    documentation_link: 'https://docs.gitlab.com/ee/integration/oauth_provider.html'
    reporter: hsutor
    stage: manage
    categories:
    - Authentication and Authorization
    issue_url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/21745'
    description: |
      By default, any OAuth access tokens issued after this release will have a 2 hour expiry window. Previously, OAuth access tokens never expired, which is insecure. You can disable this option by unchecking the **Expire Access Token** checkbox on the OAuth application UI.