diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-09-07 09:11:06 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-09-07 09:11:06 +0300 |
commit | 777dc3053f8433a9f5c9cc868325e16eac5d93e5 (patch) | |
tree | a48494d384fc4a8ac5a356821844214e0e8a6fc2 /doc/api/oauth2.md | |
parent | 86db9fdda7bc7d0d709c5fef5f7c75a849d6f702 (diff) |
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/api/oauth2.md')
-rw-r--r-- | doc/api/oauth2.md | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/doc/api/oauth2.md b/doc/api/oauth2.md index 528f012c7a8..02904f2be5b 100644 --- a/doc/api/oauth2.md +++ b/doc/api/oauth2.md @@ -82,7 +82,11 @@ Before starting the flow, generate the `STATE`, the `CODE_VERIFIER` and the `COD which use the characters `A-Z`, `a-z`, `0-9`, `-`, `.`, `_`, and `~`. - The `CODE_CHALLENGE` is an URL-safe base64-encoded string of the SHA256 hash of the `CODE_VERIFIER` + - The SHA256 hash must be in binary format before encoding. - In Ruby, you can set that up with `Base64.urlsafe_encode64(Digest::SHA256.digest(CODE_VERIFIER), padding: false)`. + - For reference, a `CODE_VERIFIER` string of `ks02i3jdikdo2k0dkfodf3m39rjfjsdk0wk349rj3jrhf` when hashed + and encoded using the Ruby snippet above produces a `CODE_CHALLENGE` string + of `2i0WFA-0AerkjQm4X4oDEhqA17QIAKNjXpagHBXmO_U`. 1. Request authorization code. To do that, you should redirect the user to the `/oauth/authorize` page with the following query parameters: |