Allow 'self' for personal access token rotation #3547

nhollander-alert · 2024-02-29T18:56:04Z

Since GitLab 16.10¹ a personal access token with the api scope can refresh itself by making a call to /personal_access_tokens/:id/rotate with an :id of self².

Tested with the following script:

import { Gitlab } from "@gitbeaker/rest"
const gl = new Gitlab({token: "glpat-..."});
gl.PersonalAccessTokens.rotate("self").then((rotated) => {
    console.log(`New token is ${rotated.token}, expires at ${rotated.expires_at}`);
});

This feature is available but undocumented from 16.9. ↩
https://docs.gitlab.com/ee/api/personal_access_tokens.html#use-a-request-header ↩

jdalrymple · 2024-03-18T03:00:00Z

🚀 PR was released in 40.0.0 🚀

nhollander-alert added 2 commits February 29, 2024 13:13

Allow 'self' for personal access token rotation

c8c65c6

Fix code style

f56b5c4

jdalrymple added the type:feature Changes add a new feature label Mar 2, 2024

jdalrymple merged commit f2a3420 into jdalrymple:main Mar 8, 2024
2 checks passed

jdalrymple added the released This issue/pull request has been released. label Mar 18, 2024

nhollander-alert deleted the add-self-token-refresh branch March 19, 2024 16:03

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Allow 'self' for personal access token rotation #3547

Allow 'self' for personal access token rotation #3547

nhollander-alert commented Feb 29, 2024

jdalrymple commented Mar 18, 2024

Allow 'self' for personal access token rotation #3547

Allow 'self' for personal access token rotation #3547

Conversation

nhollander-alert commented Feb 29, 2024

Footnotes

jdalrymple commented Mar 18, 2024