GitLab OAuth 访问令牌有效性

GitLab OAuth access token validity

有谁知道 GitLab 上 OAuth 访问令牌的有效期是多少?

至少需要 12 小时(根据经验),但我想确定地知道所以我不会不必要地刷新令牌。

PS: GitLab ... 如果在getting/refreshing token (PS:文档指出 "expires_in": 已返回......但它不是)

默认应该是8小时:

lib/gitlab/o_auth/session.rb 提及:

Rails.cache.write("gitlab:#{provider}:#{ticket}", 
                   ticket, expires_in: Gitlab.config.omniauth.cas3.session_duration)

gitlab.yml中,你有:

# SSO maximum session duration in seconds. Defaults to CAS default of 8 hours.
# cas3:
#   session_duration: 28800

来自 https://forum.gitlab.com/t/missing-expires-in-in-the-token-response/1232/2:

Gitlab uses Doorkeeper for oauth.

The Doorkeeper wiki has an ariticle "Customizing Token Expiration" > https://github.com/doorkeeper-gem/doorkeeper/wiki/Customizing-Token-Expiration2

This wiki tells us a configuration "access_token_expires_in". I > searched in gitlab source code and found it sets to nil.

This meas the 'access_token' will never expire.

另外,这是来自https://gitlab.com/gitlab-org/gitlab-foss/-/blob/50d66f5ece57dcfbe074d97703691a8d3c38f4ac/config/initializers/doorkeeper.rb#L42:

 # Access token expiration time (default 2 hours).
 # If you want to disable expiration, set this to nil.
 access_token_expires_in nil