diff options
author | Rémy Coutable <remy@rymai.me> | 2017-01-20 12:16:08 +0000 |
---|---|---|
committer | James Lopez <james@jameslopez.es> | 2017-01-20 15:04:40 +0100 |
commit | 5ddd9d40b2783510d0a31d6bcc99ca2473ab1321 (patch) | |
tree | ce9320a7480142c0730f5cebb8fbc3d90b6d659e | |
parent | 0b5c8ccd092d655ad9ee5a498f4ac434a7226c04 (diff) | |
download | gitlab-ce-5ddd9d40b2783510d0a31d6bcc99ca2473ab1321.tar.gz |
Merge branch '25851-document-token-scopes' into 'master'
Add documentation around OAuth/Personal Access Token scopes.
Closes #25851
See merge request !8226
-rw-r--r-- | doc/api/README.md | 8 | ||||
-rw-r--r-- | doc/integration/oauth_provider.md | 8 |
2 files changed, 13 insertions, 3 deletions
diff --git a/doc/api/README.md b/doc/api/README.md index f65b934b9db..20f28e8d30e 100644 --- a/doc/api/README.md +++ b/doc/api/README.md @@ -104,6 +104,13 @@ that needs access to the GitLab API. Once you have your token, pass it to the API using either the `private_token` parameter or the `PRIVATE-TOKEN` header. +> [Introduced][ce-5951] in GitLab 8.15. + +Personal Access Tokens can be created with one or more scopes that allow various actions +that a given token can perform. Although there are only two scopes available at the +moment – `read_user` and `api` – the groundwork has been laid to add more scopes easily. + +At any time you can revoke any personal access token by just clicking **Revoke**. ### Session Cookie @@ -380,3 +387,4 @@ programming languages. Visit the [GitLab website] for a complete list. [GitLab website]: https://about.gitlab.com/applications/#api-clients "Clients using the GitLab API" [lib-api-url]: https://gitlab.com/gitlab-org/gitlab-ce/tree/master/lib/api/api.rb [ce-3749]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/3749 +[ce-5951]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/5951 diff --git a/doc/integration/oauth_provider.md b/doc/integration/oauth_provider.md index 0c53584d201..af8a1c4e5ed 100644 --- a/doc/integration/oauth_provider.md +++ b/doc/integration/oauth_provider.md @@ -74,8 +74,10 @@ in the **Authorized applications** section under **Profile Settings > Applicatio --- -As you can see, the default scope `api` is used, which is the only scope that -GitLab supports so far. At any time you can revoke any access by just clicking -**Revoke**. +GitLab's OAuth applications support scopes, which allow various actions that any given +application can perform. Although there are only two scopes available at the +moment – `read_user` and `api` – the groundwork has been laid to add more scopes easily. + +At any time you can revoke any access by just clicking **Revoke**. [oauth]: http://oauth.net/2/ "OAuth website" |