Missing expires_in in the token-response

Hi there. So I’m trying to authenticate via OAuth2 using credentials only as described here: http://doc.gitlab.com/ce/api/oauth2.html#resource-owner-password-credentials

I’m sending this in a POST request to https://xxxx.xxxx.net/oauth/token

{
“grant_type” : “password”,
“username” : “xxxx@xxxx.de”,
“password” : “xxxx”
}

and I’m getting this in the response:

{
“access_token”: “xxxxx”,
“token_type”: “bearer”,
“refresh_token”: “xxxxx”,
“scope”: “api”,
“created_at”: 1435333191
}

…which is different from the response documented in the link above. It’s missing expires_in (and also returns refresh_token, scope and created_at which aren’t documented there).

Updated: 2016-12-20 11:10:24 +0800
Gitlab uses Doorkeeper for oauth.

The Doorkeeper wiki has an ariticle “Customizing Token Expiration” https://github.com/doorkeeper-gem/doorkeeper/wiki/Customizing-Token-Expiration

This wiki tells us a configuration “access_token_expires_in”. I searched in gitlab source code and found it sets to nil.

This meas the ‘access_token’ will never expire.


I have same question. No any official reply?

I found this http://stackoverflow.com/a/39265670