Group Tokens should pause working if license is expired
Background
Currently in application Access Tokens
are functional even when license is revoked or expired. This happens both for Gitlab.com and self managed
instances for Gitlab. For Gitlab.com
especially User
is not allowed to create an Access Token
if its not a paid subscription. The behaviour for Access tokens
is kind of confusing in such scenario.
With changes for Issue #367740 in effect, group owner will be able to revoke Access Token
.
But what should be the behaviour for Tokens till the time they are revoked?
- Should we stop
Access Tokens
from working as soon as the subscription status is changed for Gitlab? - Is this change applicable only for
Gitlab.com
or forself managed
versions as well?
Proposal
- Tokens are 'paused' - they stop working, but continue to exist, once license is downgraded
- Once license is re-activated, tokens are unpaused and continue to work
Edited by Hannah Sutor