Drejc

Reputation: 14286

GitLab refresh oAuth token

I read the documentation at http://docs.gitlab.com/ce/api/oauth2.html, but there is no information on how to revoke and refresh the OAuth token.

Refreshing the token is probably necessary as with the token response one also gets a refresh token.

{
  "access_token": "de6780bc506a0446309bd9362820ba8aed28aa506c71eedbe1c5c4f9dd350e54",
  "token_type": "bearer",
  "scope": "api",
  "created_at": 1372559331,
  "refresh_token": "8257e65c97202ed1726cf9571600918f3bffb2544b26e00a61df9897668c33a1"
}

Upvotes: 8

Views: 9255

Answers (2)

VonC

Reputation: 1327004

You now have with GitLab 14.3 (September 2021):

OAuth access tokens issued with expiration by default

By default, any OAuth access tokens issued after this release will have a 2 hour expiry window.

Previously, OAuth access tokens never expired, which is insecure.

You can disable this option by unchecking the Expire Access Token checkbox on the OAuth application UI.

See Documentation and Issue.


As noted by Javanshir Huseynli in the comments:

It is not possible to disable expiring anymore. Access tokens have to be refreshed with refresh token every 2 hours.

See Access token expiration

Upvotes: 3

Drejc

Reputation: 14286

Ok after poking around I have found it:

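// Form parameters for the OAuth 2.0 refresh grant
Map<String, String> parameters = new HashMap<>();
parameters.put("grant_type", "refresh_token");
parameters.put("refresh_token", refreshToken); // refresh token from the earlier token response
parameters.put("scope", "api");

// post(...) is the author's own HTTP helper; its remaining arguments are elided in the original
return post("https://gitlab.com/oauth/token", parameters, ...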

NOTE: in recent GitLab versions refreshing the token is not necessary, as you might lock yourself out in case the request fails (the response does not reach you) but the token is altered.

Upvotes: 8
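
The refresh flow discussed in both answers, as an added example (not code from either answer or from GitLab): it refreshes shortly before the 2-hour expiry and writes the new token pair to disk before returning it, so a replacement refresh token is never held only in memory. The token-file layout, the `client_id`/`client_secret` body parameters, the `expires_in` response field (standard OAuth 2.0, RFC 6749) and all function names are assumptions.

```python
import json
import os
import tempfile
import time
from urllib import parse, request

TOKEN_URL = "https://gitlab.com/oauth/token"  # endpoint used in the answer above

def build_refresh_body(refresh_token, client_id, client_secret):
    """Form body for the refresh grant (RFC 6749 section 6)."""
    return parse.urlencode({
        "grant_type": "refresh_token",
        "refresh_token": refresh_token,
        "client_id": client_id,          # assumption: app credentials go in the body
        "client_secret": client_secret,
    }).encode()

def http_post(url, body):
    """Default transport; urlopen raises on HTTP errors, leaving the store untouched."""
    with request.urlopen(request.Request(url, data=body), timeout=10) as resp:
        return json.load(resp)

def save_tokens(path, tokens):
    """Write a 0600 temp file, then rename, so the store is never half-written."""
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w") as fh:
        json.dump(tokens, fh)
    os.replace(tmp, path)

def needs_refresh(tokens, now, skew=60):
    """True once the access token is within `skew` seconds of expiry (default 2 h)."""
    return now >= tokens["created_at"] + tokens.get("expires_in", 7200) - skew

def get_access_token(path, client_id, client_secret, post=http_post, now=None):
    """Return a usable access token, refreshing and persisting the new pair first."""
    now = time.time() if now is None else now
    with open(path) as fh:
        tokens = json.load(fh)
    if needs_refresh(tokens, now):
        body = build_refresh_body(tokens["refresh_token"], client_id, client_secret)
        fresh = post(TOKEN_URL, body)
        if "access_token" not in fresh or "refresh_token" not in fresh:
            raise RuntimeError("refresh failed: %s" % fresh.get("error", "unknown"))
        save_tokens(path, fresh)  # persist before any caller uses the new token
        tokens = fresh
    return tokens["access_token"]
```

The `post` parameter exists so the transport can be replaced in tests; error messages deliberately include only the OAuth `error` code, never token values.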
