gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
author: GitLab Bot <gitlab-bot@gitlab.com> 2022-09-22 16:39:34 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2022-09-22 16:39:34 +0300
commit: e23c409e66b47a970a3cb83ac15d2ff906e75ce0
tree: b1d580cd64c5d67a81a9445da42e82ceeefa96c5 /doc/integration/oauth_provider.md
parent: 2fa173410ad24b37aba6450ae4530ec231844d86
Add latest changes from gitlab-org/gitlab@master
Diffstat (limited to 'doc/integration/oauth_provider.md')
-rw-r--r-- doc/integration/oauth_provider.md 14
1 files changed, 14 insertions, 0 deletions
diff --git a/doc/integration/oauth_provider.md b/doc/integration/oauth_provider.md
index 99f8f9ff783..19f9592c7ca 100644
--- a/doc/integration/oauth_provider.md
+++ b/doc/integration/oauth_provider.md
@@ -137,3 +137,17 @@ On self-managed GitLab, by default, this feature is not available. To make it av
On GitLab.com, this feature is not available.
By default, OAuth application secrets are stored as plain text in the database. When enabled, OAuth application secrets are stored in the database in hashed format and are only available to users immediately after creating OAuth applications.
+
+## Hashed OAuth tokens
+
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/364110) in GitLab 15.3 [with a flag](../administration/feature_flags.md) named `hash_oauth_tokens`. Enabled on GitLab.com. Disabled by default for self-managed.
+> - [Enabled by default on self-managed](https://gitlab.com/gitlab-org/gitlab/-/issues/337507) in GitLab 15.5.
+
+FLAG:
+On self-managed GitLab, by default, this feature is enabled. If you detect a problem, ask an administrator to
+[disable the feature flag](../administration/feature_flags.md) named `hash_oauth_tokens`. If the feature flag is disabled, any tokens that were stored
+in encrypted format are inaccessible. Users must reauthorize applications.
+On GitLab.com, this feature is enabled.
+
+By default, OAuth access tokens are stored in the database in PBKDF2+SHA512 format. GitLab administrators can disable this and OAuth access tokens are
+then stored in plaintext in the database.
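Review bot: In the FLAG paragraph, "any tokens that were stored in encrypted format are inaccessible" uses "encrypted" where the rest of the section says hashed (the heading "Hashed OAuth tokens" and "PBKDF2+SHA512 format" in the last paragraph). "Encrypted" implies reversible storage, while PBKDF2 is a one-way derivation, so suggest "stored in hashed format" to match. The last paragraph also writes "plaintext" where the unchanged context line above the hunk writes "plain text"; pick one spelling for the page. The added text only covers what happens to hashed tokens when the flag is disabled; a sentence on whether tokens stored in plain text while the flag is off are hashed or left as they are once it is re-enabled would tell administrators what remains exposed in the database after a rollback.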