Refresh GitLab tokens after they expire (migration phase 2)
Refresh GitLab tokens after they expire
Part of #2838 (closed) which tracks GitLab 15.0 changes which includes all OAuth tokens getting expiry dates (previously never expired).
Dev notes
passport-oauth2
- http://www.passportjs.org/packages/passport-oauth2/
- https://github.com/ciaranj/node-oauth/blob/a7f8a1e21c362eb4ed2039431fb9ac2ae749f26a/lib/oauth2.js#L193-L209
- https://github.com/jaredhanson/passport-oauth2/blob/ee3fe9f17c0f3a90f2d9d938f267e9942b9fba49/lib/strategy.js#L176-L196
- https://github.com/jaredhanson/passport-oauth2/issues/77
There is a library to access token refreshes, passport-oauth2-refresh
but I don't think we need it. We just need to do one API request and there is a lot more fluff in that library.
Todo
-
Write migration script to run over the GitLab identities and migrate the identity.accessTokenSecret
field (which we stored therefreshToken
in for some reason previously) toidentity.refreshToken
-
Merge minimal app code to write to the correct field and run migration script before these bigger app changes - -> !2284 (merged)
- Shipped in Gitter 21.49.0
- Migration ran against production, !2284 (comment 950739022)
Edited by Eric Eastwood