Expired Gitlab token can still make api requests with curl
So I have a curl one-liner for grabbing linked issues that IRC user trinity-1686a whipped up for me which is great. I created a gitlab access token (named curl
) to use this script and it works very nicely. However, my token expired (which is fine and expected) but it still works (which is not expected).
Seems weird no?
Output of https://gitlab.torproject.org/api/v4/personal_access_tokens:
[
{
"id": 57,
"name": "git",
"revoked": false,
"created_at": "2020-09-14T16:54:23.180Z",
"scopes": [
"api",
"read_user",
"read_api",
"read_repository",
"write_repository"
],
"user_id": 239,
"last_used_at": "2022-12-14T14:02:37.752Z",
"active": true,
"expires_at": null
},
{
"id": 417,
"name": "curl",
"revoked": false,
"created_at": "2022-10-26T23:26:53.762Z",
"scopes": [
"read_api",
"read_user",
"read_repository"
],
"user_id": 239,
"last_used_at": null,
"active": false,
"expires_at": "2022-11-25"
},
{
"id": 431,
"name": "Changelog Token",
"revoked": false,
"created_at": "2022-12-14T14:20:09.312Z",
"scopes": [
"read_api"
],
"user_id": 239,
"last_used_at": null,
"active": true,
"expires_at": null
}
]
Edited by richard