我们经常发布文档更新,此页面的翻译可能仍在进行中。有关最新信息,请访问英文文档。如果此页面上的翻译有问题,请告诉我们
简体中文
未找到结果.

按产品浏览

Authentication
  • Get started
  • Account and profile
  • Authentication
  • Repositories
  • GitHub
  • Enterprise administrators
  • Billing and payments
  • Organizations
  • Code security
  • GitHub Issues
  • GitHub Actions
  • GitHub Codespaces
  • GitHub Packages
  • Search on GitHub
  • Developers
  • REST API
  • GraphQL API
  • GitHub CLI
  • GitHub Discussions
  • GitHub Sponsors
  • Building communities
  • GitHub Pages
  • Education
  • GitHub Desktop
  • Atom
  • Electron
  • CodeQL
  • npm
    • 简体中文
  • English
  • 简体中文 (Simplified Chinese)
  • 日本語 (Japanese)
  • Español (Spanish)
  • Português do Brasil (Portuguese)
    • Article version

    本文内容

    Token expiration and revocation

    Your tokens can expire and can also be revoked by you, applications you have authorized, and GitHub itself.

    When a token has expired or has been revoked, it can no longer be used to authenticate Git and API requests. It is not possible to restore an expired or revoked token, you or the application will need to create a new token.

    This article explains the possible reasons your GitHub token might be revoked or expire.

    Note: When a personal access token or OAuth token expires or is revoked, you may see an oauth_authorization.destroy action in your security log. 更多信息请参阅“查看安全日志”。

    Token revoked after reaching its expiration date

    When you create a personal access token, we recommend that you set an expiration for your token. Upon reaching your token's expiration date, the token is automatically revoked. 更多信息请参阅“创建个人访问令牌”。

    Token revoked when pushed to a public repository or public gist

    If a valid OAuth token, GitHub 应用程序 token, or personal access token is pushed to a public repository or public gist, the token will be automatically revoked.

    OAuth tokens and personal access tokens pushed to public repositories and public gists will only be revoked if the token has scopes.

    Token expired due to lack of use

    GitHub will automatically revoke an OAuth token or personal access token when the token hasn't been used in one year.

    Token revoked by the user

    You can revoke your authorization of a GitHub 应用程序 or OAuth 应用程序 from your account settings which will revoke any tokens associated with the app. For more information, see "Reviewing your authorized integrations" and "Reviewing your authorized applications (OAuth)."

    Once an authorization is revoked, any tokens associated with the authorization will be revoked as well. To re-authorize an application, follow the instructions from the third-party application or website to connect your GitHub account again.

    Token revoked by the OAuth 应用程序

    The owner of an OAuth 应用程序 can revoke an account's authorization of their app, this will also revoke any tokens associated with the authorization. For more information about revoking authorizations of your OAuth app, see "Delete an app authorization."

    Token revoked due to excess of tokens for an OAuth 应用程序 with the same scope

    每个用户/应用程序/作用域组合签发的令牌数量有限。 If an application creates more than 10 tokens for the same user and the same scopes, the oldest tokens with the same user/application/scope combination will be revoked.

    User token revoked due to GitHub 应用程序 configuration

    User-to-server tokens created by a GitHub 应用程序 will expire after eight hours by default. Owners of GitHub 应用程序 can configure their apps so that user-to-server tokens do not expire. For more information about changing how your GitHub App's user-to-server tokens behave, see "Activating optional features for apps."

    此文档对您有帮助吗?

    隐私政策

    帮助我们创建出色的文档!

    所有 GitHub 文档都是开源的。看到错误或不清楚的内容了吗?提交拉取请求。

    做出贡献

    或, 了解如何参与。