Include 'expires_at' in 'v1/code/user_access_token' response
Problem to solve
We should return the expiry period; otherwise clients have no idea when they should refresh the token. We could change the expiry period on the server side to something other than 1 hour, and clients should look at the expiry period contained in the response.
Proposal
For example,
from pydantic import BaseModel

class Token(BaseModel):
    token: str
    expires_at: int  # timestamp - https://gitlab.com/gitlab-org/gitlab/-/issues/452044#note_1841150484

async def user_access_token(...):
    token, expires_at = token_authority.encode(...)
    return Token(token=token, expires_at=expires_at)
See FastAPI's response model for more info. Also, here is a reference from Google's auth client on what a credential should contain. If expiry is empty, that could be interpreted as a never-expiring token.
Discussed in !884 (comment 1930088044)
Links / references
Edited by Jan Provaznik
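
How a client could consume the proposed `expires_at` field, as an added example that is not part of the issue or of the project's code. It assumes `expires_at` is a Unix timestamp in seconds, refuses to cache a response without one so that a missing expiry is never read as a never-expiring token, and refreshes 60 seconds early; `CachedToken`, `parse_token_response`, `needs_refresh`, `TokenCache` and `REFRESH_SKEW_SECONDS` are hypothetical names.

```python
import json
import time
from dataclasses import dataclass
from typing import Callable, Optional

REFRESH_SKEW_SECONDS = 60  # assumed safety margin, not a value from the issue


@dataclass(frozen=True)
class CachedToken:
    token: str
    expires_at: int  # Unix timestamp in seconds (assumed unit)


def parse_token_response(body: str) -> CachedToken:
    """Parse the proposed response body; reject anything without a usable expiry."""
    data = json.loads(body)
    if not isinstance(data, dict):
        raise ValueError("response is not a JSON object")
    token = data.get("token")
    expires_at = data.get("expires_at")
    if not isinstance(token, str) or not token:
        raise ValueError("response has no token")
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(expires_at, bool) or not isinstance(expires_at, int) or expires_at <= 0:
        raise ValueError("response has no valid expires_at; refusing to cache")
    return CachedToken(token=token, expires_at=expires_at)


def needs_refresh(cached: Optional[CachedToken], now: Optional[float] = None) -> bool:
    """True when there is no token or it expires within the skew window."""
    if cached is None:
        return True
    now = time.time() if now is None else now
    return now >= cached.expires_at - REFRESH_SKEW_SECONDS


class TokenCache:
    """Holds one token; calls `fetch` (hypothetical HTTP request) only when needed."""

    def __init__(self, fetch: Callable[[], str]):
        self._fetch = fetch
        self._cached: Optional[CachedToken] = None

    def get(self, now: Optional[float] = None) -> str:
        if needs_refresh(self._cached, now):
            self._cached = parse_token_response(self._fetch())
        return self._cached.token
```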