Menu
Read documentation on http://docs.gitlab.com/ce/api/oauth2.html but there is no information on how to revoke and refresh the OAuth token.
Refreshing the token is probably necessary as with the token response one also gets a refresh token.
{
"access_token": "de6780bc506a0446309bd9362820ba8aed28aa506c71eedbe1c5c4f9dd350e54",
"token_type": "bearer",
"scope": "api",
"created_at": 1372559331
"refresh_token": "8257e65c97202ed1726cf9571600918f3bffb2544b26e00a61df9897668c33a1"
}
587
Ok after poking around I have found it:
Map<String, String> parameters = new HashMap<>();
parameters.put("grant_type", "refresh_token");
parameters.put("refresh_token", refreshToken);
parameters.put("scope", "api");
return post("https://gitlab.com/oauth/token", parameters, ...
NOTE in recent GitLab versions refreshing the token is not necessary, as you might lock out yourself in case the request fails (response does not reach you) but the token is altered.
194
You now have with GitLab 14.3 (September 2021):
OAuth access tokens issued with expiration by default
By default, any OAuth access tokens issued after this release will have a 2 hour expiry window.
Previously, OAuth access tokens never expired, which is insecure.
You can disable this option by unchecking the Expire Access Token checkbox on the OAuth application UI.
See Documentation and Issue.
24
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
