
gitlab.com/gitlab-org/gitlab-foss.git
author GitLab Bot <gitlab-bot@gitlab.com> 2021-08-19 12:08:42 +0300
committer GitLab Bot <gitlab-bot@gitlab.com> 2021-08-19 12:08:42 +0300
commit b76ae638462ab0f673e5915986070518dd3f9ad3 (patch)
tree bdab0533383b52873be0ec0eb4d3c66598ff8b91 /doc/api/oauth2.md
parent 434373eabe7b4be9593d18a585fb763f1e5f1a6f (diff)

Add latest changes from gitlab-org/gitlab@14-2-stable-ee v14.2.0-rc42

Diffstat (limited to 'doc/api/oauth2.md')
-rw-r--r-- doc/api/oauth2.md 46
1 files changed, 45 insertions, 1 deletions
diff --git a/doc/api/oauth2.md b/doc/api/oauth2.md
index 1b06e554e5e..ce455c89d1a 100644
--- a/doc/api/oauth2.md
+++ b/doc/api/oauth2.md
@@ -83,7 +83,7 @@ Before starting the flow, generate the `STATE`, the `CODE_VERIFIER` and the `COD
which use the characters `A-Z`, `a-z`, `0-9`, `-`, `.`, `_`, and `~`.
- The `CODE_CHALLENGE` is an URL-safe base64-encoded string of the SHA256 hash of the
`CODE_VERIFIER`
- - In Ruby, you can set that up with `Base64.urlsafe_encode64(Digest::SHA256.digest(CODE_VERIFIER))`.
+ - In Ruby, you can set that up with `Base64.urlsafe_encode64(Digest::SHA256.digest(CODE_VERIFIER), padding: false)`.
1. Request authorization code. To do that, you should redirect the user to the
`/oauth/authorize` page with the following query parameters:
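Review bot: The bullet above the changed line still describes `CODE_CHALLENGE` only as "an URL-safe base64-encoded string of the SHA256 hash", so the no-padding requirement now lives solely in the Ruby call. Readers implementing this step in another language will not learn from the prose that the trailing `=` must be omitted, which is presumably the mismatch this fix addresses. Suggest stating it in the bullet itself, for example "URL-safe base64-encoded string, without padding, of the SHA256 hash of the `CODE_VERIFIER`"; "an URL-safe" could become "a URL-safe" in the same pass.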
@@ -123,6 +123,28 @@ Before starting the flow, generate the `STATE`, the `CODE_VERIFIER` and the `COD
"created_at": 1607635748
}
```
+
+1. To retrieve a new `access_token`, use the `refresh_token` parameter. Refresh tokens may
+ be used even after the `access_token` itself expires. This request:
+ - Invalidates the existing `access_token` and `refresh_token`.
+ - Sends new tokens in the response.
+
+ ```ruby
+ parameters = 'client_id=APP_ID&client_secret=APP_SECRET&refresh_token=REFRESH_TOKEN&grant_type=refresh_token&redirect_uri=REDIRECT_URI&code_verifier=CODE_VERIFIER'
+ RestClient.post 'https://gitlab.example.com/oauth/token', parameters
+ ```
+
+ Example response:
+
+ ```json
+ {
+ "access_token": "c97d1fe52119f38c7f67f0a14db68d60caa35ddc86fd12401718b649dcfa9c68",
+ "token_type": "bearer",
+ "expires_in": 7200,
+ "refresh_token": "803c1fd487fec35562c205dac93e9d8e08f9d3652a24079d704df3039df1158f",
+ "created_at": 1628711391
+ }
+ ```
NOTE:
The `redirect_uri` must match the `redirect_uri` used in the original
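Review bot: In the added Ruby example the refresh request carries `code_verifier=CODE_VERIFIER`, but the step text does not say whether the verifier is required when refreshing. The verifier is generated once, "before starting the flow", so as written the example implies that clients must keep it stored next to the refresh token for as long as they intend to refresh. Suggest either saying explicitly that the original `CODE_VERIFIER` has to be retained and resent, or dropping the parameter from the example if the token endpoint does not check it for `grant_type=refresh_token`. The same line sends `client_secret=APP_SECRET`; a sentence on whether the secret is needed in this flow would help readers whose clients cannot keep one.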
@@ -181,6 +203,28 @@ be used as a CSRF token.
"created_at": 1607635748
}
```
+
+1. To retrieve a new `access_token`, use the `refresh_token` parameter. Refresh tokens may
+ be used even after the `access_token` itself expires. This request:
+ - Invalidates the existing `access_token` and `refresh_token`.
+ - Sends new tokens in the response.
+
+ ```ruby
+ parameters = 'client_id=APP_ID&client_secret=APP_SECRET&refresh_token=REFRESH_TOKEN&grant_type=refresh_token&redirect_uri=REDIRECT_URI'
+ RestClient.post 'https://gitlab.example.com/oauth/token', parameters
+ ```
+
+ Example response:
+
+ ```json
+ {
+ "access_token": "c97d1fe52119f38c7f67f0a14db68d60caa35ddc86fd12401718b649dcfa9c68",
+ "token_type": "bearer",
+ "expires_in": 7200,
+ "refresh_token": "803c1fd487fec35562c205dac93e9d8e08f9d3652a24079d704df3039df1158f",
+ "created_at": 1628711391
+ }
+ ```
NOTE:
The `redirect_uri` must match the `redirect_uri` used in the original
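Review bot: The step says the request "Invalidates the existing `access_token` and `refresh_token`" but does not tell the reader to store the `refresh_token` returned in the response, which is the only one that works afterwards. Suggest adding a bullet such as "Save the new `refresh_token`; the previous one can no longer be used", since a client that keeps reusing the original value will fail on its second refresh. Separately, the `parameters` string is concatenated by hand, so a `REDIRECT_URI` or secret containing `&`, `=` or `+` would be sent unencoded; passing a hash to `RestClient.post` lets the library encode the values. This step and its example response are a copy of the one added in the previous section, so any wording change should be applied to both.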