Skip to content

Feature/add personal access token max expire in

What does this MR do?

Add settings for admin to enforce a maximum validity duration for personal access tokens

Implements #13047 (closed) Implements #3649 (closed)

Documentation covered by issue #35550

Depends on !17854 (closed) for validation for expires_at

Screenshots

Application settings:

pat_max_allowable_duration

Limit enforcement:

Screenshot_20191104_135025

Does this MR meet the acceptance criteria?

Conformity

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • Label as security and @ mention @gitlab-com/gl-security/appsec
  • The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • Security reports checked/validated by a reviewer from the AppSec team
Edited by 🤖 GitLab Bot 🤖

Merge request reports

Loading