Allow custom time period for access tokens rotated via API

Proposal

Our API allows a group access token to be rotated, which will generate a new token with an expiration of one week. A customer would like for this rotation period to be customized and allow for an option to have the rotated token expire either in 90 days or a custom defined period.

added Category:System Access GitLab Free devopsmanage featureaddition groupauthentication and authorization [DEPRECATED] sectiondev labels

added typefeature label

The following customer is interested in this capability

• Subscription: GitLab Premium
• Product: ~SaaS
• Number of Licenses: 8705
• Link to request: https://gitlab.zendesk.com/agent/tickets/420677
• Priority: Not provided.
• Why interested: Not provided.
• Problem they are trying to solve: Not able to set a custom expiration date for group access tokens rotated via the API.
• Current solution for this problem: Use the default expiration period.
• Impact to the customer of not having this: Not provided.
• Questions: None
• PM to mention: @hsutor
• CSM to mention: @macalaladl

added customer label

added to epic &11155

changed milestone to %Backlog

changed title from Allow custom time period for group access tokens rotated via API to Allow custom time period for access tokens rotated via API

This should apply to all token types, so I removed group from the title.

mentioned in merge request gitlab-com/www-gitlab-com!125795 (merged)

added devopsgovern sectionsec labels and removed devopsmanage sectiondev labels

changed milestone to %16.7

mentioned in issue #406781 (closed)

Just adding my 2c here: the GitLab Dedicated team, and more widely, the GitLab Infrastructure team as a whole, would like to automate token rotation of Project and Group Access tokens, and of Service Account Tokens as we adopt Service Accounts, but with a fixed one week expiry date on the tokens, and without being able to configure the expiry dates, this is currently a non-starter for us.

Very much looking forward to this feature being delivered so that we can further automate token rotation.

cc @hsutor

@andrewn Thank you for voicing your support and articulating the impact!

We are going to do Update token rotation API to extend new token w... (#418122) next milestone then get to this in %16.7

A Mid-Market SaaS Customer wanted to share their thoughts in this ticket that they have very similar interests to what Andrew stated, and is looking forward to seeing this implemented as well.