Managing access tokens

The auth.accessTokens setting in Sourcegraph's site configuration allows admins to fine-tune parameters related to access tokens.

Access token creation

The auth.accessTokens.allow configuration field permits or restricts the creation of access tokens. It can be assigned one of three values: "none," "all-users-create" (which is the default option), or "site-admin-create.”

• none Disables the creation of access tokens.
• all-users-create Allows users to create their own token.
• site-admin-create Allows site admins to create tokens for users.

auth.accessTokens.maxTokensPerUser - This config field determines the maximum number of active access tokens a user can have. The default maximum is 25 tokens.

Access token expiration

Admins can set expiration policies for access tokens. After this specified period, tokens will automatically lose their access. Note that tokens created before version 5.3 do not expire; this policy only applies to new tokens.

auth.accessTokens.allowNoExpiration - This controls whether tokens can be created with no expiration date. The default setting is false.

auth.accessTokens.expirationOptionDays - This represents the options users are presented with for the token expiration period. The default options are [7, 14, 30, 60, 90].

auth.accessTokens.defaultExpirationDays - This sets the default duration selection when creating a new access token. The default is 90 days.