Skip to content

GitLab Next

  • Projects
  • Groups
  • Snippets
  • Help
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
GitLab
GitLab
  • Project overview
    • Project overview
    • Details
    • Activity
    • Releases
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
    • Locked Files
  • Issues 34,840
    • Issues 34,840
    • List
    • Boards
    • Labels
    • Service Desk
    • Milestones
    • Iterations
  • Merge Requests 1,219
    • Merge Requests 1,219
  • Requirements
    • Requirements
    • List
  • CI / CD
    • CI / CD
    • Pipelines
    • Jobs
    • Schedules
    • Test Cases
  • Security & Compliance
    • Security & Compliance
    • Dependency List
    • License Compliance
  • Operations
    • Operations
    • Metrics
    • Incidents
    • Environments
  • Packages & Registries
    • Packages & Registries
    • Container Registry
  • Analytics
    • Analytics
    • CI / CD
    • Code Review
    • Insights
    • Issue
    • Repository
    • Value Stream
  • Snippets
    • Snippets
  • Members
    • Members
  • Collapse sidebar
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
  • GitLab.org
  • GitLabGitLab
  • Issues
  • #9147

Closed
Open
Opened Jan 10, 2019 by Lee Matos@lbot🗽Maintainer

If you have more than 10 GitHub OAuth Tokens, the oldest will be revoked.

We ran into this in a long running customer ticket: https://gitlab.zendesk.com/agent/tickets/111075

It took a while to deduce, but we figured out that Github has a limit to the amount of tokens it will give you. Currently it's 10.

To repro:

  1. Create 11 repos on Github.
  2. Set up the github integration and import one repo at a time as outlined here: https://docs.gitlab.com/ee/ci/ci_cd_for_external_repos/github_integration.html#connect-with-github-integration
  3. On the 11th repo import, the first imported repo will now start failing due to the token being revoked.

you can go to the mirroring tab and grab the URL and try it in your terminal to confirm outside of GitLab.

I'm not sure there is much we can do, but this can have far reaching effects for users of this integration. The customer suggested maybe a mechanism to track and reuse tokens, but I'm concerned about the security implications there.

Assignee
Assign to
Backlog
Milestone
Backlog
Assign milestone
Time tracking
None
Due date
None
Reference: gitlab-org/gitlab#9147