OAuth documentation does not match actual behavior
Summary
Actual behaviour of OAuth flow does not match documentation.
Steps to reproduce
Do an OAuth password grant flow.
What is the current bug behavior?
This is the actual response:
{
  "access_token": "abcdef",
  "token_type": "bearer",
  "refresh_token": "hijklmnop",
  "scope": "api",
  "created_at": 1519757953
}
What is the expected correct behavior?
According to: https://docs.gitlab.com/ce/api/oauth2.html#1-requesting-access-token
{
  "access_token": "1f0af717251950dbd4d73154fdf0a474a5c5119adad999683f5b450c460726aa",
  "token_type": "bearer",
  "expires_in": 7200
}
Details
This most likely stems from a lack of understanding on my part; however, I do not see any information about expiration in my actual response, even though the response contains a refresh_token. The documentation does not mention any default expiration of said token; therefore, it is difficult for my application to know when to refresh the token.
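Added example, not part of the original report and not GitLab's code: a client-side sketch that accepts both response shapes shown above, refreshing ahead of time when expires_in is present and falling back to refresh-on-401 when it is absent. The names Token, call_api, send and refresh are hypothetical, the sample bodies are constructed, and the server's actual token lifetime is not assumed.

```python
import json
import time

# Constructed sample bodies mirroring the two response shapes in the report.
ACTUAL_BODY = ('{"access_token": "abcdef", "token_type": "bearer", '
               '"refresh_token": "hijklmnop", "scope": "api", '
               '"created_at": 1519757953}')
DOCUMENTED_BODY = ('{"access_token": "constructed-token", '
                   '"token_type": "bearer", "expires_in": 7200}')


class Token:
    """Parsed token response; expires_at is None when no lifetime is given."""

    def __init__(self, body, received_at=None):
        data = json.loads(body)
        self.access_token = data["access_token"]
        self.refresh_token = data.get("refresh_token")
        if received_at is None:
            received_at = time.time()
        # Prefer the server's own issue time when the response carries one.
        issued = data.get("created_at", received_at)
        ttl = data.get("expires_in")
        self.expires_at = issued + ttl if ttl is not None else None

    def needs_refresh(self, now, skew=60):
        # Without an advertised lifetime the client cannot refresh
        # proactively; it has to wait for the server to reject the token.
        if self.expires_at is None:
            return False
        return now >= self.expires_at - skew


def call_api(token, send, refresh, now):
    """send(access_token) -> (status, body); refresh(refresh_token) -> JSON body.

    Both callables are hypothetical stand-ins for the HTTP calls.
    """
    if token.refresh_token and token.needs_refresh(now):
        token = Token(refresh(token.refresh_token), received_at=now)
    status, body = send(token.access_token)
    # Reactive path: the only signal available when expires_in is missing.
    if status == 401 and token.refresh_token:
        token = Token(refresh(token.refresh_token), received_at=now)
        status, body = send(token.access_token)  # retry once only
    return token, status, body
```

The retry is limited to one attempt so that a revoked refresh token or a 401 caused by something other than expiry does not loop.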