response of API request to refresh OAuth token seems to be broken at

Hi there,
I am filing this ticket because we see a problem with the Gitlab OAuth endpoints.

We are not having a particular problem with one of our Gitlab projects, but our application let our customers and therefore Gitlab customers connect their repositories to our service.

The seen behavior leads to the fact that now all OAuth access & refresh tokens expire since we are not able to refresh them.

This Java code to refresh the token worked out fine for ages:

HttpHeaders headers = new HttpHeaders();
headers.setBasicAuth(clientId, clientSecret);

MultiValueMap<String, String> params = new LinkedMultiValueMap<>();
params.add(REDIRECT_URI, redirectUri);
params.add(REFRESH_TOKEN, authentication.getRefreshToken());

HttpEntity<MultiValueMap<String, String>> request = new HttpEntity<>(params, headers);

ResponseEntity<Map<String, Object>> result =, HttpMethod.POST, request,

and it seems to do right now too, but:

as it seems, if the request is handled successfully at side:

  • Gitlab refreshes the tokens on their side
  • the response that we receive for this request at the moment is just a “{" (so no complete JSON). As tested in production and development. HEREIN we see the problem.
  • so our application does not get the refreshed token
  • the OAuth connection is broken, because Gitlab has the new token, our DB the old

Please let me know if you need further information.

Hi there!

Please can someone confirm, if

  • you have detected the same problems concerning the OAuth token refresh response
  • or if everything works out fine for you with the request

This would really help to find the root cause of this situation.