Add latest changes from gitlab-org/gitlab@master

author: GitLab Bot <gitlab-bot@gitlab.com> 2021-05-19 18:10:40 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2021-05-19 18:10:40 +0300
commit: a6508d0028191c42620414994b2fe4ce62467a73 (patch)
tree: 34461b887babb2778a286bb3c988bd9b3af8a3a1 /doc/api/oauth2.md
parent: f304336f5e0a200137bd87a3895f1bf20a61b1fb (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/doc/api/oauth2.md b/doc/api/oauth2.md
index dfb91283b50..61eaf0f36d7 100644
--- a/doc/api/oauth2.md
+++ b/doc/api/oauth2.md
@@ -194,8 +194,10 @@ NOTE:
 For a detailed flow diagram, see the [RFC specification](https://tools.ietf.org/html/rfc6749#section-4.2).
 
 WARNING:
-The Implicit grant flow is inherently insecure. The IETF plans to remove it in
-[OAuth 2.1](https://oauth.net/2.1/).
+Implicit grant flow is inherently insecure and the IETF has removed it in [OAuth 2.1](https://oauth.net/2.1/).
+For this reason, [support for it is deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/288516).
+In GitLab 14.0, new applications can't be created using it. In GitLab 14.4, support for it is
+scheduled to be removed for existing applications.
 
 We recommend that you use [Authorization code with PKCE](#authorization-code-with-proof-key-for-code-exchange-pkce) instead. If you choose to use Implicit flow, be sure to verify the
 `application id` (or `client_id`) associated with the access token before granting
author	GitLab Bot <gitlab-bot@gitlab.com>	2021-05-19 18:10:40 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2021-05-19 18:10:40 +0300
commit	a6508d0028191c42620414994b2fe4ce62467a73 (patch)
tree	34461b887babb2778a286bb3c988bd9b3af8a3a1 /doc/api/oauth2.md
parent	f304336f5e0a200137bd87a3895f1bf20a61b1fb (diff)