GitLab 刷新 oAuth 令牌

Question

阅读有关 http://docs.gitlab.com/ce/api/oauth2.html 的文档，但没有关于如何撤销和刷新 OAuth 令牌的信息。

刷新令牌可能是必要的，因为令牌响应也会获得刷新令牌。

{
  "access_token": "de6780bc506a0446309bd9362820ba8aed28aa506c71eedbe1c5c4f9dd350e54",
  "token_type": "bearer",
  "scope": "api",
  "created_at": 1372559331
  "refresh_token": "8257e65c97202ed1726cf9571600918f3bffb2544b26e00a61df9897668c33a1"
}

Answer 1

好的，在四处寻找后我找到了它：

Map<String, String> parameters = new HashMap<>();
parameters.put("grant_type", "refresh_token");
parameters.put("refresh_token", refreshToken);
parameters.put("scope", "api");

return post("https://gitlab.com/oauth/token", parameters, ...

注意在最近的 GitLab 版本中没有必要刷新令牌，因为如果请求失败（响应未到达您）但令牌已更改，您可能会将自己锁定.

Answer 2

您现在 GitLab 14.3（2021 年 9 月）：

OAuth access tokens issued with expiration by default

By default, any OAuth access tokens issued after this release will have a 2 hour expiry window.

Previously, OAuth access tokens never expired, which is insecure.

You can disable this option by unchecking the Expire Access Token checkbox on the OAuth application UI.

See Documentation and Issue.

GitLab 刷新 oAuth 令牌

GitLab refresh oAuth token

oauth

gitlab

OAuth access tokens issued with expiration by default