OAuth token response no longer includes `expires_in`

Summary

OAuth token response no longer includes expires_in.

Following up on the GitLab 15.0 breaking changes which add a 2-hour expiration to all OAuth access tokens, https://about.gitlab.com/blog/2022/04/18/gitlab-releases-15-breaking-changes/#oauth-tokens-without-expiration

Tracking this internally for the Gitter project at gitterHQ/webapp#2838 (closed)

Steps to reproduce

  1. Have an OAuth application set up with Expire access tokens enabled
  2. Follow the OAuth authorization code flow documented at https://docs.gitlab.com/14.10/ee/api/oauth2.html#authorization-code-flow
  3. Notice that expires_in is not returned in the response body for /oauth/token?grant_type=authorization_code or /oauth/token?grant_type=refresh_token

Example Project

What is the current bug behavior?

expires_in is NOT included in the response for both /oauth/token?grant_type=authorization_code and /oauth/token?grant_type=refresh_token.

{
 "access_token": "de6780bc506a0446309bd9362820ba8aed28aa506c71eedbe1c5c4f9dd350e54",
 "token_type": "bearer",
 "refresh_token": "8257e65c97202ed1726cf9571600918f3bffb2544b26e00a61df9897668c33a1",
 "scope":"read_user api",
 "created_at": 1607635748
}

What is the expected correct behavior?

As documented, expires_in is included in the response for both /oauth/token?grant_type=authorization_code and /oauth/token?grant_type=refresh_token.

This expiry field is useful to store and compare against when you need to use the refresh_token again to get a new access_token. We could guess what time it expires since it's 2 hours now, but it would be nice to get this from the response because this behavior could change in the future.

  {
    "access_token": "de6780bc506a0446309bd9362820ba8aed28aa506c71eedbe1c5c4f9dd350e54",
    "token_type": "bearer",
+   "expires_in": 7200,
    "refresh_token": "8257e65c97202ed1726cf9571600918f3bffb2544b26e00a61df9897668c33a1",
    "scope":"read_user api",
    "created_at": 1607635748
  }

Relevant logs and/or screenshots

Expire access tokens is enabled for the OAuth Application and I've signed in and out multiple times.

Output of checks

Results of GitLab environment info

https://gitlab.com/help -> GitLab Enterprise Edition 14.11.0-pre 8023729f15d

Results of GitLab application Check

Possible fixes

Edited by Eric Eastwood
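
The client-side expiry bookkeeping described in the issue, written so that it tolerates a token response without `expires_in`. This is an added example, not code from the issue, Gitter, or GitLab; the function names, the 60-second refresh margin, and the sample responses are assumptions, and the 7200-second fallback is the 2-hour lifetime the issue mentions.

```javascript
// Assumption: lifetime to assume when `expires_in` is absent
// (the 2-hour expiry mentioned in the issue).
const FALLBACK_LIFETIME_SECONDS = 7200;
// Assumption: refresh this many seconds early to absorb clock skew and latency.
const REFRESH_SKEW_SECONDS = 60;

function isPositiveInt(value) {
  return Number.isInteger(value) && value > 0;
}

// Returns { expiresAt, source } for a parsed /oauth/token response body.
// expiresAt is in Unix seconds; source records whether the server supplied
// the lifetime or whether it was guessed.
function computeExpiry(tokenResponse, nowSeconds) {
  if (!tokenResponse || typeof tokenResponse.access_token !== 'string') {
    throw new TypeError('token response has no access_token');
  }
  // Prefer the server's issue time; fall back to the local clock.
  const issuedAt = isPositiveInt(tokenResponse.created_at)
    ? tokenResponse.created_at
    : nowSeconds;
  if (isPositiveInt(tokenResponse.expires_in)) {
    return { expiresAt: issuedAt + tokenResponse.expires_in, source: 'server' };
  }
  // `expires_in` missing or malformed: guess a lifetime instead of treating
  // the token as non-expiring, so a refresh is still scheduled.
  return { expiresAt: issuedAt + FALLBACK_LIFETIME_SECONDS, source: 'fallback' };
}

// True once the access token is inside the refresh margin or already expired.
function needsRefresh(expiry, nowSeconds) {
  return nowSeconds >= expiry.expiresAt - REFRESH_SKEW_SECONDS;
}

// Constructed sample responses (token values are placeholders).
const withoutExpiresIn = {
  access_token: 'ACCESS_TOKEN_PLACEHOLDER',
  token_type: 'bearer',
  refresh_token: 'REFRESH_TOKEN_PLACEHOLDER',
  scope: 'read_user api',
  created_at: 1607635748,
};
const withExpiresIn = { ...withoutExpiresIn, expires_in: 3600 };
```

Logging the `source` value on each token exchange shows when a client is running on the guessed lifetime rather than the server's.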