Add latest changes from gitlab-org/gitlab@13-10-stable-eev13.10.0-rc40

1 files changed, 18 insertions, 3 deletions

diff --git a/doc/api/oauth2.md b/doc/api/oauth2.md
index 92d109cac5f..2bcf86a031c 100644
--- a/doc/api/oauth2.md
+++ b/doc/api/oauth2.md
@@ -270,13 +270,18 @@ the following parameters:
 }
 ```
 
-Also you must use HTTP Basic authentication using the `client_id` and`client_secret`
-values to authenticate the client that performs a request.
-
 Example cURL request:
 
 ```shell
 echo 'grant_type=password&username=<your_username>&password=<your_password>' > auth.txt
+curl --data "@auth.txt" --request POST "https://gitlab.example.com/oauth/token"
+```
+
+You can also use this grant flow with registered OAuth applications, by using
+HTTP Basic Authentication with the application's `client_id` and `client_secret`:
+
+```shell
+echo 'grant_type=password&username=<your_username>&password=<your_password>' > auth.txt
 curl --data "@auth.txt" --user client_id:client_secret --request POST "https://gitlab.example.com/oauth/token"
 ```
 
@@ -354,3 +359,13 @@ These are aliases for `scope` and `expires_in` respectively, and have been inclu
 prevent breaking changes introduced in [doorkeeper 5.0.2](https://github.com/doorkeeper-gem/doorkeeper/wiki/Migration-from-old-versions#from-4x-to-5x).
 
 Don't rely on these fields as they will be removed in a later release.
+
+## OAuth2 tokens and GitLab registries
+
+Standard OAuth2 tokens support different degrees of access to GitLab registries, as they:
+
+- Do not allow users to authenticate to:
+  - The GitLab [Container registry](../user/packages/container_registry/index.md#authenticate-with-the-container-registry).
+  - Packages listed in the GitLab [Package registry](../user/packages/package_registry/index.md).
+- Allow users to get, list, and delete registries through
+  the [Container registry API](container_registry.md).