Rollout: allow_resource_access_token_creation_without_expiry_date feature flag

Feature Flag Rollout

This issue tracks the rollout of the allow_resource_access_token_creation_without_expiry_date feature flag introduced in !209400 (merged).

What does this feature do?

Makes the expires_at field optional when creating project and group access tokens via the API, aligning the behavior with personal access tokens.

Behavior

When feature flag is disabled:

• Same behavior as before (expires_at field required with hardcoded default value)

When feature flag is enabled:

• When expires_at is omitted and require_personal_access_token_expiry is enabled → returns bad request
• When expires_at is omitted and require_personal_access_token_expiry is disabled → creates a token with no expiration

Related Issue

Resolves #574745 (closed)

Rollout Plan

• Enable on GitLab.com for a percentage of users
• Monitor for any issues or unexpected behavior
• Gradually increase rollout percentage
• Enable for all users
• Remove feature flag

References

• MR: !209400 (merged)
• Group access tokens documentation
• Project access tokens documentation