Missing expires_in in the token-response

How to Use GitLab

Robert June 29, 2015, 8:20am 1

Hi there. So I’m trying to authenticate via OAuth2 using credentials only as described here: OAuth 2.0 identity provider API | GitLab

I’m sending this in a POST request to https://xxxx.xxxx.net/oauth/token

{
“grant_type” : “password”,
“username” : “xxxx@xxxx.de”,
“password” : “xxxx”
}

and I’m getting this in the response:

{
“access_token”: “xxxxx”,
“token_type”: “bearer”,
“refresh_token”: “xxxxx”,
“scope”: “api”,
“created_at”: 1435333191
}

…which is different from the response documented in the link above. It’s missing expires_in (and also returns refresh_token, scope and created_at which aren’t documented there).

Profile/account token never expires?

MiaoZhou December 15, 2016, 9:32am 2

Updated: 2016-12-20 11:10:24 +0800
Gitlab uses Doorkeeper for oauth.

The Doorkeeper wiki has an ariticle “Customizing Token Expiration” https://github.com/doorkeeper-gem/doorkeeper/wiki/Customizing-Token-Expiration

This wiki tells us a configuration “access_token_expires_in”. I searched in gitlab source code and found it sets to nil.

This meas the ‘access_token’ will never expire.

I have same question. No any official reply?

I found this http://stackoverflow.com/a/39265670

1 Like