diff --git a/doc/api/group_access_tokens.md b/doc/api/group_access_tokens.md index 8809323dbec5d3fb6db629832aa545e4ec40871e..f927d3474e0294ff4c06fa2acf6d113eae0bb677 100644 --- a/doc/api/group_access_tokens.md +++ b/doc/api/group_access_tokens.md @@ -117,7 +117,7 @@ POST /groups/:id/access_tokens | `name` | String | yes | Name of the group access token | | `scopes` | `Array[String]` | yes | [List of scopes](../user/group/settings/group_access_tokens.md#scopes-for-a-group-access-token) | | `access_level` | Integer | no | Access level. Valid values are `10` (Guest), `15` (Planner), `20` (Reporter), `30` (Developer), `40` (Maintainer), and `50` (Owner). | -| `expires_at` | Date | yes | Expiration date of the access token in ISO format (`YYYY-MM-DD`). The date cannot be set later than the [maximum allowable lifetime of an access token](../user/profile/personal_access_tokens.md#access-token-expiration). | +| `expires_at` | Date | yes | Expiration date of the access token in ISO format (`YYYY-MM-DD`). If undefined, the date is set to the [maximum allowable lifetime limit](../user/profile/personal_access_tokens.md#access-token-expiration). | ```shell curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" \ @@ -164,7 +164,7 @@ POST /groups/:id/access_tokens/:token_id/rotate |-----------|------------|----------|---------------------| | `id` | integer or string | yes | ID or [URL-encoded path of the group](rest/index.md#namespaced-paths) | | `token_id` | integer | yes | ID of the access token | -| `expires_at` | date | no | Expiration date of the access token in ISO format (`YYYY-MM-DD`). [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/416795) in GitLab 16.6. | +| `expires_at` | date | no | Expiration date of the access token in ISO format (`YYYY-MM-DD`). [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/416795) in GitLab 16.6. If undefined, the token expires after one week. | ```shell curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/groups/<group_id>/access_tokens/<token_id>/rotate" diff --git a/doc/api/group_service_accounts.md b/doc/api/group_service_accounts.md index a5d8f6a96818b95607adbda57d39776cf09d16c1..3f9949f4a8c816c024ef0c301ed9cad3b60714f1 100644 --- a/doc/api/group_service_accounts.md +++ b/doc/api/group_service_accounts.md @@ -141,7 +141,7 @@ Parameters: | `user_id` | integer | yes | The ID of a service account user. | | `name` | string | yes | The name of the personal access token. | | `scopes` | array | yes | Array of scopes of the personal access token. See [personal access token scopes](../user/profile/personal_access_tokens.md#personal-access-token-scopes) for possible values. | -| `expires_at` | date | no | The personal access token expiry date. When left blank, the token follows the [standard rule of expiry for personal access tokens](../user/profile/personal_access_tokens.md#access-token-expiration). To specify no expiration date, omit this key. | +| `expires_at` | date | no | Expiration date of the access token in ISO format (`YYYY-MM-DD`). If undefined, the date is set to the [maximum allowable lifetime limit](../user/profile/personal_access_tokens.md#access-token-expiration). | Example request: diff --git a/doc/api/personal_access_tokens.md b/doc/api/personal_access_tokens.md index 31524721c1ac180fa98c2d4c8d313e338eab6a70..2b8ab9e7cc28aa886f778461d29b9f1a574c68cc 100644 --- a/doc/api/personal_access_tokens.md +++ b/doc/api/personal_access_tokens.md @@ -213,7 +213,7 @@ Example response: ## Rotate a personal access token -Rotate a personal access token. Revokes the previous token and creates a new token that expires in one week +Rotate a personal access token. Revokes the previous token and creates a new token that expires in one week. You can either: @@ -224,7 +224,7 @@ You can either: > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/403042) in GitLab 16.0 -In GitLab 16.6 and later, you can use the `expires_at` parameter to set a different expiry date. This non-default expiry date can be up to a maximum of one year from the rotation date. +In GitLab 16.6 and later, you can use the `expires_at` parameter to set a different expiry date. This non-default expiry date is subject to the [maximum allowable lifetime limits](../user/profile/personal_access_tokens.md#access-token-expiration). ```plaintext POST /personal_access_tokens/:id/rotate @@ -233,7 +233,7 @@ POST /personal_access_tokens/:id/rotate | Attribute | Type | Required | Description | |-----------|-----------|----------|---------------------| | `id` | integer/string | yes | ID of personal access token | -| `expires_at` | date | no | Expiration date of the access token in ISO format (`YYYY-MM-DD`). [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/416795) in GitLab 16.6. | +| `expires_at` | date | no | Expiration date of the access token in ISO format (`YYYY-MM-DD`). [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/416795) in GitLab 16.6. If undefined, the token expires after one week. | NOTE: Non-administrators can rotate their own tokens. Administrators can rotate tokens of any user. @@ -277,7 +277,7 @@ Requires: - `api` scope. -You can use the `expires_at` parameter to set a different expiry date. This non-default expiry date can be up to a maximum of one year from the rotation date. +In GitLab 16.6 and later, you can use the `expires_at` parameter to set a different expiry date. This non-default expiry date is subject to the [maximum allowable lifetime limits](../user/profile/personal_access_tokens.md#access-token-expiration). ```plaintext POST /personal_access_tokens/self/rotate diff --git a/doc/api/project_access_tokens.md b/doc/api/project_access_tokens.md index c482ee10f506a1ebdf2fb9f34638fb2c7c2b478f..3e03c800b41c1f51e9705f442a1d42892bb90456 100644 --- a/doc/api/project_access_tokens.md +++ b/doc/api/project_access_tokens.md @@ -123,7 +123,7 @@ POST projects/:id/access_tokens | `name` | string | yes | Name of the project access token | | `scopes` | `Array[String]` | yes | [List of scopes](../user/project/settings/project_access_tokens.md#scopes-for-a-project-access-token) | | `access_level` | integer | no | Access level. Valid values are `10` (Guest), `15` (Planner), `20` (Reporter), `30` (Developer), `40` (Maintainer), and `50` (Owner). Defaults to `40`. | -| `expires_at` | date | yes | Expiration date of the access token in ISO format (`YYYY-MM-DD`). The date cannot be set later than the [maximum allowable lifetime of an access token](../user/profile/personal_access_tokens.md#access-token-expiration). | +| `expires_at` | date | yes | Expiration date of the access token in ISO format (`YYYY-MM-DD`). If undefined, the date is set to the [maximum allowable lifetime limit](../user/profile/personal_access_tokens.md#access-token-expiration). | ```shell curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" \ @@ -170,7 +170,7 @@ POST /projects/:id/access_tokens/:token_id/rotate |-----------|------------|----------|---------------------| | `id` | integer or string | yes | ID or [URL-encoded path of the project](rest/index.md#namespaced-paths) | | `token_id` | integer | yes | ID of the project access token | -| `expires_at` | date | no | Expiration date of the access token in ISO format (`YYYY-MM-DD`). [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/416795) in GitLab 16.6. | +| `expires_at` | date | no | Expiration date of the access token in ISO format (`YYYY-MM-DD`). [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/416795) in GitLab 16.6. If undefined, the token expires after one week. | ```shell curl --request POST --header "PRIVATE-TOKEN: <your_access_token>" "https://gitlab.example.com/api/v4/projects/<project_id>/access_tokens/<token_id>/rotate" diff --git a/doc/api/user_keys.md b/doc/api/user_keys.md index be7bfa8091b38b1cd24740fd491c94cc5dccce78..49293447d90530f6941466f6e638af9d9e799b36 100644 --- a/doc/api/user_keys.md +++ b/doc/api/user_keys.md @@ -158,7 +158,7 @@ Supported attributes: |:-------------|:-------|:---------|:------------| | `title` | string | yes | Title for key | | `key` | string | yes | Public key value | -| `expires_at` | string | no | Expiration date of the key in ISO 8601 format (`YYYY-MM-DDTHH:MM:SSZ`) | +| `expires_at` | string | no | Expiration date of the key in ISO format (`YYYY-MM-DD`). | | `usage_type` | string | no | Usage scope for the key. Possible values: `auth`, `signing` or `auth_and_signing`. Default value: `auth_and_signing` | Returns either: @@ -214,7 +214,7 @@ Supported attributes: | `id` | integer | yes | ID of user account | | `title` | string | yes | Title for key | | `key` | string | yes | Public key value | -| `expires_at` | string | no | Expiration date of the key in ISO 8601 format (`YYYY-MM-DDTHH:MM:SSZ`) | +| `expires_at` | string | no | Expiration date of the access token in ISO format (`YYYY-MM-DD`). | | `usage_type` | string | no | Usage scope for the key. Possible values: `auth`, `signing` or `auth_and_signing`. Default value: `auth_and_signing` | Returns either: diff --git a/doc/api/user_tokens.md b/doc/api/user_tokens.md index 5dea47566716e3e44aa566e18c5c2aea02f60833..1f614801c515c4aee683635da2fcfa182ee96b64 100644 --- a/doc/api/user_tokens.md +++ b/doc/api/user_tokens.md @@ -91,7 +91,7 @@ Supported attributes: | `name` | string | yes | Name of personal access token | | `description`| string | no | Description of personal access token | | `scopes` | array | yes | Array of approved scopes. Only accepts `k8s_proxy`. | -| `expires_at` | array | no | Expiration date of the access token in ISO format (`YYYY-MM-DD`). If undefined, token expires at the end of the current day. Subject to the [maximum allowable lifetime limits](../user/profile/personal_access_tokens.md#access-token-expiration). | +| `expires_at` | array | no | Expiration date of the access token in ISO format (`YYYY-MM-DD`). If undefined, the date is set to the [maximum allowable lifetime limit](../user/profile/personal_access_tokens.md#access-token-expiration). | Example request: @@ -247,8 +247,8 @@ Supported attributes: | `user_id` | integer | yes | ID of user account | | `name` | string | yes | Name of impersonation token | | `description`| string | no | Description of impersonation token | -| `expires_at` | date | yes | Expiration date of the impersonation token in ISO format (`YYYY-MM-DD`) | -| `scopes` | array | yes | Array of approved scopes. For a list of possible values, see [Personal access token scopes](../user/profile/personal_access_tokens.md#personal-access-token-scopes): | +| `expires_at` | date | yes | Expiration date of the impersonation token in ISO format (`YYYY-MM-DD`). If undefined, the date is set to the [maximum allowable lifetime limit](../user/profile/personal_access_tokens.md#access-token-expiration). | +| `scopes` | array | yes | Array of approved scopes. For a list of possible values, see [Personal access token scopes](../user/profile/personal_access_tokens.md#personal-access-token-scopes). | Example request: diff --git a/doc/development/internal_api/index.md b/doc/development/internal_api/index.md index fe14cfa343b7713ef69d697a95af618d12f4e3dd..7ac63f123f79a3ae7dc6ec7636cd1051dc4a12cb 100644 --- a/doc/development/internal_api/index.md +++ b/doc/development/internal_api/index.md @@ -332,7 +332,7 @@ personal access token. |:----------|:-------|:---------|:------------| | `name` | string | yes | The name of the new token | | `scopes` | string array | yes | The authorization scopes for the new token, these must be valid token scopes | -| `expires_at` | string | no | The expiry date for the new token | +| `expires_at` | string | no | Expiration date of the access token in ISO format (`YYYY-MM-DD`). | | `key_id` | integer | no | The ID of the SSH key used as found in the authorized-keys file or through the `/authorized_keys` check | | `user_id` | integer | no | User ID for which to generate the new token |