gitlab.com/gitlab-org/gitlab-foss.git
author GitLab Bot <gitlab-bot@gitlab.com> 2021-05-25 23:30:46 +0300
committer GitLab Bot <gitlab-bot@gitlab.com> 2021-05-25 23:30:46 +0300
commit 1d287b31040662f1cc53a61b866ea97931a6b850
tree 64c1ff71f40695c1d516a7b24cabf06c408685f1 /doc/api/oauth2.md
parent fdcb3d47df0526a9dc437c847683df8aae1e5d58
Add latest changes from gitlab-org/gitlab@13-12-stable-ee
Diffstat (limited to 'doc/api/oauth2.md')
-rw-r--r-- doc/api/oauth2.md 6
1 files changed, 4 insertions, 2 deletions
diff --git a/doc/api/oauth2.md b/doc/api/oauth2.md
index dfb91283b50..61eaf0f36d7 100644
--- a/doc/api/oauth2.md
+++ b/doc/api/oauth2.md
@@ -194,8 +194,10 @@ NOTE:
For a detailed flow diagram, see the [RFC specification](https://tools.ietf.org/html/rfc6749#section-4.2).
WARNING:
-The Implicit grant flow is inherently insecure. The IETF plans to remove it in
-[OAuth 2.1](https://oauth.net/2.1/).
+Implicit grant flow is inherently insecure and the IETF has removed it in [OAuth 2.1](https://oauth.net/2.1/).
+For this reason, [support for it is deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/288516).
+In GitLab 14.0, new applications can't be created using it. In GitLab 14.4, support for it is
+scheduled to be removed for existing applications.
We recommend that you use [Authorization code with PKCE](#authorization-code-with-proof-key-for-code-exchange-pkce) instead. If you choose to use Implicit flow, be sure to verify the
`application id` (or `client_id`) associated with the access token before granting
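Review bot: The unchanged sentence at the end of this hunk, "If you choose to use Implicit flow, be sure to verify the `application id` (or `client_id`) ...", now reads as an open choice directly after the added lines say new applications can't be created with it in GitLab 14.0. Suggest scoping it to the remaining case, for example "If an existing application still uses Implicit flow, be sure to verify ...", so the `client_id` check stays as guidance for the deprecation window rather than as an option for new integrations. Two smaller points on the added lines: the 14.0 sentence is in the present tense ("can't be created") while the 14.4 sentence says "is scheduled to be removed", and since this lands on 13-12-stable both describe future releases, so the same "is scheduled" wording for both would be consistent. The change from "plans to remove" to "has removed it in OAuth 2.1" is a stronger claim than the line it replaces, so it is worth confirming against the status shown on the linked OAuth 2.1 page before merging.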