Merge branch '32059-fix-oauth-phishing' into 'security-10-1'

Prevent OAuth phishing attack by presenting detailed wording about app to user during authorization See merge request gitlab/gitlabhq!2205
author: Douwe Maan <douwe@gitlab.com> 2017-11-07 08:33:58 +0000
committer: Lin Jen-Shin <godfat@godfat.org> 2017-11-10 16:26:53 +0800
commit: ab1f3b47a84b3d2944891216403b89042a8ab3a3 (patch)
tree: 11f0240c66d670916d0e793e6c653fe43b941a34 /config/locales
parent: 304ceb144cca36dbcefcfb508b0dac220f76c9e1 (diff)
download: gitlab-ce-ab1f3b47a84b3d2944891216403b89042a8ab3a3.tar.gz
1 files changed, 9 insertions, 1 deletions
diff --git a/config/locales/doorkeeper.en.yml b/config/locales/doorkeeper.en.yml
index 0da6b14c29e..b1c71095d4f 100644
--- a/config/locales/doorkeeper.en.yml
+++ b/config/locales/doorkeeper.en.yml
@@ -62,7 +62,15 @@ en:
       read_user: Read the authenticated user's personal information
       openid: Authenticate using OpenID Connect
       sudo: Perform API actions as any user in the system (if the authenticated user is an admin)
-
+    scope_desc:
+      api:
+        Full access to GitLab as the user, including read/write on all their groups and projects
+      read_user:
+        Read-only access to the user's profile information, like username, public email and full name
+      openid:
+        The ability to authenticate using GitLab, and read-only access to the user's profile information
+      sudo:
+        Access to the Sudo feature, to perform API actions as any user in the system (only available for admins)
     flash:
       applications:
         create:
author	Douwe Maan <douwe@gitlab.com>	2017-11-07 08:33:58 +0000
committer	Lin Jen-Shin <godfat@godfat.org>	2017-11-10 16:26:53 +0800
commit	ab1f3b47a84b3d2944891216403b89042a8ab3a3 (patch)
tree	11f0240c66d670916d0e793e6c653fe43b941a34 /config/locales
parent	304ceb144cca36dbcefcfb508b0dac220f76c9e1 (diff)
download	gitlab-ce-ab1f3b47a84b3d2944891216403b89042a8ab3a3.tar.gz