Managing access tokens

The auth.accessTokens setting in Sourcegraph's site configuration allows admins to fine-tune parameters related to access tokens:

JSON
{
  "auth.accessTokens": {
    "allow": "all-users-create",
    "allowNoExpiration": false,
    "maxTokensPerUser": 25,
    "expirationOptionDays": [7, 14, 30, 60, 90],
    "defaultExpirationDays": 90
  }
}

Access token creation

The allow property permits or restricts the use of access tokens. It can be assigned one of three values:

all-users-create (default) Enables all users to create access tokens.
site-admin-create Restricts creation of new tokens to admin users (existing tokens will still work until revoked).
none Disables access tokens entirely.

The maxTokensPerUser property determines the maximum number of active access tokens a user can have. The default maximum is 25 tokens.

Admins can set expiration policies for access tokens. After this specified period, tokens will automatically lose their access. Note that tokens created before version 5.3 do not expire; this policy only applies to new tokens.

allowNoExpiration - Controls whether tokens can be created with no expiration date. The default setting is false.

expirationOptionDays - The options users are presented with for the token expiration period. The default options are [7, 14, 30, 60, 90].

defaultExpirationDays - The default duration selection when creating a new access token. The default is 90 days.

Managing access tokens

Access token creation

Access token expiration