2024-05-14: Multiple reports of authentication failures accessing GitLab.com
As of 2024-05-14 a change has been implemented to enforce access token expiry. If you see higher numbers of HTTP 401 responses, please check tokens that may have expired. For more details, including how to mitigate disruption, please check our docs guide on Expired Access Tokens. If you have a support contract, you may open a support ticket for additional assistance.
Tokens with infinite lifetimes were expired. This was a planned activity which was scheduled for 00:00 UTC today. Customers with expired tokens will need to start using refreshed tokens.
There's a script developed by one of our team members to get all expired group, subgroup and project access tokens. This should help users identify access tokens they need to recreate.
In some cases retrying the expired tokens are also causing rate limiting to start blocking requests when they exceed 30 failed authentication attempts in 3 minutes.
We have increased our rate limits to alleviate errors resulting from token lifetime limits implementation, from 30 attempts in a 3-minute window, to 500 attempts in a 60-seconds window. The ban time was also reduced from 1 hour to 15 minutes.
/cdn.vox-cdn.com/uploads/chorus_asset/file/25544672/Jones_drives_the_solar_car_across_the_finish_line_at_the_Portofino_Hotel.jpg)