
token-expiration-and-revocation.md

---
title: Token expiration and revocation
intro: 'Your tokens can expire and can also be revoked by you, applications you have authorized, and {% data variables.product.product_name %} itself.'
versions:
  fpt: '*'
  ghes: '*'
  ghec: '*'
topics:
  - Identity
  - Access management
shortTitle: Token expiration
redirect_from:
  - /github/authenticating-to-github/keeping-your-account-and-data-secure/token-expiration-and-revocation
---

When a token has expired or has been revoked, it can no longer be used to authenticate Git and API requests. It is not possible to restore an expired or revoked token; you or the application will need to create a new token.

This article explains the possible reasons your {% data variables.product.product_name %} token might be revoked or expire.

{% note %}

Note: When a {% data variables.product.pat_generic %} or OAuth token expires or is revoked, you may see an oauth_authorization.destroy action in your security log. For more information, see "AUTOTITLE."

{% endnote %}

Token revoked after reaching its expiration date

When you create a {% data variables.product.pat_generic %}, we recommend that you set an expiration for your token. Upon reaching your token's expiration date, the token is automatically revoked. For more information, see "AUTOTITLE."

{% ifversion fpt or ghec %}

Token revoked when pushed to a public repository or public gist

If a valid OAuth token, {% data variables.product.prodname_github_app %} token, or {% data variables.product.pat_generic %} is pushed to a public repository or public gist, the token will be automatically revoked.

{% endif %}

{% ifversion fpt or ghec %}

Token expired due to lack of use

{% data variables.product.product_name %} will automatically revoke an OAuth token or {% data variables.product.pat_generic %} when the token hasn't been used in one year.

{% endif %}

Token revoked by the user

You can revoke your authorization of a {% data variables.product.prodname_github_app %} or {% data variables.product.prodname_oauth_app %} from your account settings, which will revoke any tokens associated with the app. For more information, see "AUTOTITLE" and "AUTOTITLE."

Once an authorization is revoked, any tokens associated with the authorization will be revoked as well. To reauthorize an application, follow the instructions from the third-party application or website to connect your account on {% data variables.location.product_location %} again.

Token revoked by the {% data variables.product.prodname_oauth_app %}

The owner of an {% data variables.product.prodname_oauth_app %} can revoke an account's authorization of their app. This will also revoke any tokens associated with the authorization. For more information about revoking authorizations of your {% data variables.product.prodname_oauth_app %}, see "AUTOTITLE."

{% data variables.product.prodname_oauth_app %} owners can also revoke individual tokens associated with an authorization. For more information about revoking individual tokens for your {% data variables.product.prodname_oauth_app %}, see "AUTOTITLE."

Token revoked due to excess of tokens for an {% data variables.product.prodname_oauth_app %} with the same scope

{% data reusables.apps.oauth-token-limit %}

User token expired due to {% data variables.product.prodname_github_app %} configuration

User access tokens created by a {% data variables.product.prodname_github_app %} will expire after eight hours by default, and then must be regenerated using the included refresh token. Owners of {% data variables.product.prodname_github_apps %} can optionally configure these tokens to never expire instead, but this is not recommended due to the security implications. For more information about configuring your {% data variables.product.prodname_github_app %}'s user access tokens, see "AUTOTITLE."
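
The refresh cycle described above, as an added example that is not part of the original article or the product's own code: a small token store that renews a user access token shortly before its eight-hour expiry and treats a rejected or expired refresh token as requiring reauthorization. The token endpoint and the `grant_type`, `expires_in` and `refresh_token_expires_in` fields follow GitHub's refresh flow rather than this page; the injected `post` transport, the class names and all sample values are assumptions constructed for illustration.

```python
import time

# GitHub's token endpoint for the refresh grant (from its OAuth flow, not this page).
TOKEN_URL = "https://github.com/login/oauth/access_token"
SKEW = 60  # refresh this many seconds before the stated expiry

class ReauthorizationRequired(Exception):
    """The refresh token is expired or rejected; the user must authorize again."""

class UserTokenStore:
    def __init__(self, client_id, client_secret, grant, post, now=time.time):
        self.client_id, self.client_secret = client_id, client_secret
        self.post, self.now = post, now  # post(url, form) -> dict (hypothetical transport)
        self._store(grant)

    def _store(self, grant):
        t = self.now()
        self.access_token = grant["access_token"]
        self.refresh_token = grant["refresh_token"]
        self.access_expiry = t + grant["expires_in"]
        self.refresh_expiry = t + grant["refresh_token_expires_in"]

    def token(self):
        """Return a usable access token, refreshing it when it is about to expire."""
        if self.now() < self.access_expiry - SKEW:
            return self.access_token
        if self.now() >= self.refresh_expiry:
            raise ReauthorizationRequired("refresh token expired")
        reply = self.post(TOKEN_URL, {
            "client_id": self.client_id,
            "client_secret": self.client_secret,
            "grant_type": "refresh_token",
            "refresh_token": self.refresh_token,
        })
        if "error" in reply:  # e.g. the user revoked the app's authorization
            raise ReauthorizationRequired(reply["error"])
        self._store(reply)  # the reply carries a new refresh token; keep it
        return self.access_token

if __name__ == "__main__":
    clock = [0.0]  # constructed clock and grant values
    sample = {"access_token": "ghu_old", "refresh_token": "ghr_old",
              "expires_in": 8 * 3600, "refresh_token_expires_in": 15897600}
    def fake_post(url, form):
        return dict(sample, access_token="ghu_new", refresh_token="ghr_new")
    store = UserTokenStore("client-id", "client-secret", sample, fake_post, lambda: clock[0])
    clock[0] = 8 * 3600  # eight hours later the access token has expired
    print(store.token())
```

Because a revoked token cannot be restored, `ReauthorizationRequired` is terminal for the stored grant: the caller sends the user back through authorization instead of retrying.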