[$250] Prod - Gitlab tokens expiring in 24 hours

[jmgasper]

We're seeing this happen in prod, but only recently. The Gitlab tokens assigned to a copilot are only lasting about 24 hours (or less). I'm having to go in and renew my token every day. I'm wondering if Gitlab changed something related to token expiration that we need to investigate.

[jmgasper]

Challenge https://www.topcoder.com/challenges/2740929e-85b2-4e20-bc4f-dab25eab5464 has been created for this ticket.

This is an automated message for ghostar via Topcoder X

[jmgasper]

@afrisalyp - Any interest in this one?

[gets0ul]

GitLab changed how they treat OAuth access tokens that don't expire.
OAuth tokens without an expiration is no longer supported https://docs.gitlab.com/ee/integration/oauth_provider.html#expiring-access-tokens.

Now, access tokens expire in two hours https://docs.gitlab.com/ee/update/deprecations.html#oauth-tokens-without-expiration.

[jmgasper]

@gets0ul - Ok, interesting. Can we update the processor to renew them when necessary?

[jmgasper]

Challenge https://www.topcoder.com/challenges/2740929e-85b2-4e20-bc4f-dab25eab5464 has been assigned to gets0ul.

This is an automated message for ghostar via Topcoder X

[gets0ul]

To be able to renew the access token in processor, we need to add the gitlab client id and secret in the topcoder-x-processor itself, is that fine?

[jmgasper]

Yes, we'll just make that configurable

[52cs]

To be able to renew the access token in processor, we need to add the gitlab client id and secret in the topcoder-x-processor itself, is that fine?

@gets0ul @jmgasper
An alternative way is to reuse the renew and revoke logic in src/front/src/app/settings/settings.html which calls the api in the topcoder-x-ui server.
You can reuse the logic in the topcoder-x-ui server instead of rewrite in topcoder-x-process.
This way, just a wrapper is needed to write.
Use setTimeout to renew the access_token by the refresh_token before it expired.

By using this way, it seems that no need to notify the copilot to renew the access_token with email notification. #444

[jmgasper]

@52cs - Thanks for that - that would also work. I would still like to have the email notification, as a backup.

[gets0ul]

@jmgasper so for this expired gitlab token situation, how do you want it to be done?
After every 2 hours, the token expired, email is sent to notify (done in #444),
and user go to topcoder-x-ui to refresh the token. Is that right?