author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-08-19 12:08:42 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-08-19 12:08:42 +0300 |
commit | b76ae638462ab0f673e5915986070518dd3f9ad3 (patch) | |
tree | bdab0533383b52873be0ec0eb4d3c66598ff8b91 /doc/api/oauth2.md | |
parent | 434373eabe7b4be9593d18a585fb763f1e5f1a6f (diff) |
Add latest changes from gitlab-org/gitlab@14-2-stable-ee v14.2.0-rc42
Diffstat (limited to 'doc/api/oauth2.md')
-rw-r--r-- | doc/api/oauth2.md | 46 |
1 files changed, 45 insertions, 1 deletions
diff --git a/doc/api/oauth2.md b/doc/api/oauth2.md index 1b06e554e5e..ce455c89d1a 100644 --- a/doc/api/oauth2.md +++ b/doc/api/oauth2.md @@ -83,7 +83,7 @@ Before starting the flow, generate the `STATE`, the `CODE_VERIFIER` and the `COD which use the characters `A-Z`, `a-z`, `0-9`, `-`, `.`, `_`, and `~`. - The `CODE_CHALLENGE` is an URL-safe base64-encoded string of the SHA256 hash of the `CODE_VERIFIER` - - In Ruby, you can set that up with `Base64.urlsafe_encode64(Digest::SHA256.digest(CODE_VERIFIER))`. + - In Ruby, you can set that up with `Base64.urlsafe_encode64(Digest::SHA256.digest(CODE_VERIFIER), padding: false)`. 1. Request authorization code. To do that, you should redirect the user to the `/oauth/authorize` page with the following query parameters: @@ -123,6 +123,28 @@ Before starting the flow, generate the `STATE`, the `CODE_VERIFIER` and the `COD "created_at": 1607635748 } ``` + +1. To retrieve a new `access_token`, use the `refresh_token` parameter. Refresh tokens may + be used even after the `access_token` itself expires. This request: + - Invalidates the existing `access_token` and `refresh_token`. + - Sends new tokens in the response. + + ```ruby + parameters = 'client_id=APP_ID&client_secret=APP_SECRET&refresh_token=REFRESH_TOKEN&grant_type=refresh_token&redirect_uri=REDIRECT_URI&code_verifier=CODE_VERIFIER' + RestClient.post 'https://gitlab.example.com/oauth/token', parameters + ``` + + Example response: + + ```json + { + "access_token": "c97d1fe52119f38c7f67f0a14db68d60caa35ddc86fd12401718b649dcfa9c68", + "token_type": "bearer", + "expires_in": 7200, + "refresh_token": "803c1fd487fec35562c205dac93e9d8e08f9d3652a24079d704df3039df1158f", + "created_at": 1628711391 + } + ``` NOTE: The `redirect_uri` must match the `redirect_uri` used in the original 
@@ -181,6 +203,28 @@ be used as a CSRF token. "created_at": 1607635748 } ``` + +1. To retrieve a new `access_token`, use the `refresh_token` parameter. Refresh tokens may + be used even after the `access_token` itself expires. This request: + - Invalidates the existing `access_token` and `refresh_token`. + - Sends new tokens in the response. + + ```ruby + parameters = 'client_id=APP_ID&client_secret=APP_SECRET&refresh_token=REFRESH_TOKEN&grant_type=refresh_token&redirect_uri=REDIRECT_URI' + RestClient.post 'https://gitlab.example.com/oauth/token', parameters + ``` + + Example response: + + ```json + { + "access_token": "c97d1fe52119f38c7f67f0a14db68d60caa35ddc86fd12401718b649dcfa9c68", + "token_type": "bearer", + "expires_in": 7200, + "refresh_token": "803c1fd487fec35562c205dac93e9d8e08f9d3652a24079d704df3039df1158f", + "created_at": 1628711391 + } + ``` NOTE: The `redirect_uri` must match the `redirect_uri` used in the original |
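Review bot: In the `@@ -83,7 +83,7 @@` hunk, only the Ruby snippet gains `padding: false`, while the unchanged bullet above it still describes the `CODE_CHALLENGE` as "an URL-safe base64-encoded string of the SHA256 hash", so a reader computing the challenge in another language gets no hint that the trailing `=` padding must be left off. Suggest putting the requirement in the prose itself, for example "a URL-safe base64-encoded string, without padding, of the SHA256 hash of the `CODE_VERIFIER`", which also corrects "an URL-safe".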
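Review bot: In the `@@ -123,6 +123,28 @@` hunk (the flow that generates a `CODE_VERIFIER`), the refresh example's `parameters` string sends `code_verifier=CODE_VERIFIER` together with `grant_type=refresh_token`, and the added text never says whether the token endpoint needs it there. The verifier is the proof for exchanging the authorization code, so as written the example implies clients must keep it for as long as they hold a refresh token. Either drop `code_verifier` from this request or add a sentence stating that it is required on refresh and why. The same question applies to `redirect_uri=REDIRECT_URI`: the `NOTE:` that follows covers matching the original `redirect_uri`, but it is not clear from the step that the rule extends to refresh requests.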
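Review bot: In the `@@ -181,6 +203,28 @@` hunk, the added Ruby example builds the request body by hand as one string (`parameters = 'client_id=APP_ID&client_secret=APP_SECRET&refresh_token=...'`), so a reader who substitutes a real `REDIRECT_URI` or secret containing `&`, `=` or `/` sends a malformed or mis-parsed body. Suggest passing a hash to `RestClient.post` so each value is form-encoded, or noting that every value must be URL-encoded first. Separately, the step says the request invalidates the existing `access_token` and `refresh_token`; it would help to add that the client must store the returned `refresh_token` before discarding the old one, because the old one cannot be used again. This block is a copy of the one added in the previous hunk apart from `code_verifier`, so whatever wording is settled on should be applied to both.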