- Type: Suggestion
- Resolution: Unresolved
- Component/s: User - App Passwords
Summary
Add an option to create API tokens without an expiry date (or allow admins to configure a longer/indefinite expiry), to support long-lived Git HTTPS workflows and reduce operational overhead.
Problem
Today, API tokens require an expiry (commonly capped at 1 year). For teams using HTTPS for Git operations (clone/fetch/pull/push), this creates:
- Recurring outages and developer time loss when tokens expire unexpectedly
- High operational overhead to rotate tokens across multiple developers, CI jobs, and automation
- Increased risk of “over-scoping” tokens because the permissions model is hard to map to basic Git needs quickly
- A less intuitive experience when the wrong token type or scopes result in generic Git errors
Proposed solution
When creating an API token, allow:
- Expiry = None / Never (with clear warning + recommended best practices)
- Organization/workspace admin policy to permit “no-expiry” tokens only for specific roles/groups
- Much clearer error messaging when incorrect API token scopes are selected, an app password is used, etc.