Hi, with our self hosted instance (v17.8.2-ee) we are running into issues with expired tokens.
For a valid token it is easy to fetch information about it through the API: Personal access tokens API | GitLab Docs. For example I would get:
{
"id": 1713,
"name": "repo-reader-01",
"revoked": false,
"created_at": "2024-05-28T08:32:59.187Z",
"description": null,
"scopes": [
"read_repository"
],
"user_id": 22,
"last_used_at": "2024-05-29T12:33:59.643Z",
"active": true,
"expires_at": "2025-05-28",
"last_used_ips": []
}
Which is very useful information, as it allow me to see the required scope, so I can generate a new token (or have the original user do that).
For an expired token the API returns just
{
"message": "401 Unauthorized"
}
At this point I have no clue who the token created, and with what scopes.
I think it would make sense for the API to return all the information also for expired token.
(although I suspect this to be a chicken/egg situation in the code somewhere, if the token is expired it cannot be used for anything at all).
Is there any other to find this information?
Is this eligible for a bug report/feature request/
many thanks 