diff options
author | Sytse Sijbrandij <sytse@gitlab.com> | 2015-02-18 20:49:19 -0800 |
---|---|---|
committer | Sytse Sijbrandij <sytse@gitlab.com> | 2015-02-18 20:49:19 -0800 |
commit | 10e4e2110c388ac43f1ebf437b963f13a1882129 (patch) | |
tree | 6b18835b7c4761a2a235da7243ec094b88bee98d /doc/api/oauth2.md | |
parent | 5555c4d99c3d2eeaf171d6e4178a1b7c93b363a6 (diff) | |
download | gitlab-ce-10e4e2110c388ac43f1ebf437b963f13a1882129.tar.gz |
Improve the explanation and linking of the Oauth docs.
Diffstat (limited to 'doc/api/oauth2.md')
-rw-r--r-- | doc/api/oauth2.md | 11 |
1 files changed, 7 insertions, 4 deletions
diff --git a/doc/api/oauth2.md b/doc/api/oauth2.md index 7bb391054ce..d416a826f79 100644 --- a/doc/api/oauth2.md +++ b/doc/api/oauth2.md @@ -1,14 +1,17 @@ -# OAuth2 authentication +# GitLab as an OAuth2 client -OAuth2 is a protocol that enables us to get access to private details of user's account without getting its password. +This document is about using other OAuth authentication service providers to sign into GitLab. +If you want GitLab to be an OAuth authentication service provider to sign into other services please see the [Oauth2 provider documentation](../integration/oauth_provider.md). -Before using the OAuth2 you should create an application in user's account. Each application getting unique App ID and App Secret parameters. You should not share them. +OAuth2 is a protocol that enables us to authenticate a user without requiring them to give their password. + +Before using the OAuth2 you should create an application in user's account. Each application gets a unique App ID and App Secret parameters. You should not share these. This functionality is based on [doorkeeper gem](https://github.com/doorkeeper-gem/doorkeeper) ## Web Application Flow -This flow is using for authentication from third-party web sites and probably is most used. +This flow is using for authentication from third-party web sites and is probably used the most. It basically consists of an exchange of an authorization token for an access token. For more detailed info, check out the [RFC spec here](http://tools.ietf.org/html/rfc6749#section-4.1) This flow consists from 3 steps. |