Version history Show
Personal access tokens can be an alternative to OAuth2 and used to:
In both cases, you authenticate with a personal access token in place of your password. Personal access tokens are:
For examples of how you can use a personal access token to authenticate with the API, see the API documentation. Alternately, GitLab administrators can use the API to create impersonation tokens. Use impersonation tokens to automate authentication as a specific user. Create a personal access tokenIntroduced in GitLab 15.3, default expiration of 30 days is populated in the UI. You can create as many personal access tokens as you like.
Save the personal access token somewhere safe. After you leave the page, you no longer have access to the token. Prefill personal access token name and scopesYou can link directly to the Personal Access Token page and have the form prefilled with a name and list of scopes. To do this, you can append a
Revoke a personal access tokenAt any time, you can revoke a personal access token.
View the last time a token was usedToken usage information is updated every 24 hours. GitLab considers a token used when the token is used to:
To view the last time a token was used:
Personal access token scopesA personal access token can perform actions based on the assigned scopes.
When personal access tokens expirePersonal access tokens expire on the date you define, at midnight UTC.
Create a personal access token programmaticallyYou can create a predetermined personal access token as part of your tests or automation. Prerequisite:
To create a personal access token programmatically:
This code can be shortened into a single-line shell command by using the Rails runner:
Revoke a personal access token programmaticallyYou can programmatically revoke a personal access token as part of your tests or automation. Prerequisite:
To revoke a token programmatically:
This code can be shortened into a single-line shell command using the Rails runner:
TroubleshootingUnrevoke a personal access tokenIf a personal access token is revoked accidentally by any method, administrators can unrevoke that token.
Alternatives to personal access tokensFor Git over HTTPS, an alternative to personal access tokens is Git Credential Manager, which securely authenticates using OAuth. How can I get access token username and password?Get an access token based on username / password. Have a user use their browser to request an authorization token (they would be asked to enter their username/password).. Copy the authorization token from the browser and use it in the request header in a client (e.g. postman) to access my api.. How can I generate authorization token?To create a new auth token:. In the top-right corner of the Console, open the Profile menu ( ... . On the Auth Tokens page, click Generate Token.. Enter a friendly description for the auth token. ... . Click Generate Token.. How do I get an access token from an authorization server?After you add the authorization profile, you need to get access token from the server. In this tutorial, we get it by using the Authorization Code grant method: Click Get Token. In the subsequent dialog, enter Client Identification and Secret, Authorization URI, Access Token URI and Redirect URI.
|