Our team is currently configuring a system to integrate with GitLab’s REST API using the OAuth 3-legged authorization flow. We have an application that will periodically use a refresh token to obtain new access tokens. The understanding is that the old refresh token will be exchanged for an access token and a new refresh token.
We’re aware that in some applications, there is a maximum authorization time, after which the refresh is denied even if the refresh token is still valid. Can anyone confirm if GitLab has any similar limitations? For example, is there a point after which, even with valid refresh tokens, users are required to reauthorize (such as after a year of refreshing tokens)?
Thanks in advance for any insights.
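The rotation described in the post, as an added example that is not part of the original post and not GitLab's own code: a client that persists each rotated refresh token and falls back to reauthorization when the token endpoint answers `invalid_grant` (RFC 6749, section 5.2). The `post` callable, the dict-like `store`, and the fake endpoint with its refresh cap are assumptions made so the sketch runs offline; the cap simulates a server-side limit and says nothing about whether GitLab enforces one.

```python
"""Refresh-token rotation sketch (added example; helper names are hypothetical)."""
import time

TOKEN_PATH = "/oauth/token"  # GitLab's OAuth token endpoint path


class ReauthorizationRequired(Exception):
    """Refresh was denied; the user must repeat the 3-legged authorization."""


def refresh_tokens(post, store, client_id, client_secret):
    """Exchange the stored refresh token and persist the rotated pair.

    post(path, form) -> (status, body) is an injected HTTP function (assumption);
    store is any dict-like persistent store (assumption).
    """
    status, body = post(TOKEN_PATH, {
        "grant_type": "refresh_token",
        "refresh_token": store["refresh_token"],
        "client_id": client_id,
        "client_secret": client_secret,
    })
    if status == 200:
        # The old refresh token is spent once this response is issued,
        # so save the new one before doing anything else.
        issued = body.get("created_at", int(time.time()))
        store.update(access_token=body["access_token"],
                     refresh_token=body["refresh_token"],
                     expires_at=issued + body.get("expires_in", 0))
        return store["access_token"]
    if body.get("error") == "invalid_grant":
        # Token invalid, expired or revoked: retrying cannot succeed.
        store.pop("refresh_token", None)
        raise ReauthorizationRequired(body.get("error_description", "invalid_grant"))
    raise RuntimeError(f"token endpoint returned {status}: {body}")


def make_fake_endpoint(max_refreshes):
    """Constructed stand-in server: rotates tokens, denies after max_refreshes."""
    state = {"valid": "rt-0", "count": 0}

    def post(path, form):
        if form["refresh_token"] != state["valid"] or state["count"] >= max_refreshes:
            return 400, {"error": "invalid_grant"}
        state["count"] += 1
        state["valid"] = f"rt-{state['count']}"
        return 200, {"access_token": f"at-{state['count']}",
                     "refresh_token": state["valid"],
                     "expires_in": 7200, "created_at": 1700000000}  # constructed values
    return post
```

Treating `invalid_grant` as a distinct, expected outcome means the application keeps working the same way whether a refresh is denied by a lifetime limit, a revocation, or a lost rotation race.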