Welcome to mirror list, hosted at ThFree Co, Russian Federation.

gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/doc/api/oauth2.md
diff options
context:
space:
mode:
Diffstat (limited to 'doc/api/oauth2.md')
-rw-r--r--doc/api/oauth2.md16
1 files changed, 8 insertions, 8 deletions
diff --git a/doc/api/oauth2.md b/doc/api/oauth2.md
index 0b7e0ba08eb..aca6ee74b15 100644
--- a/doc/api/oauth2.md
+++ b/doc/api/oauth2.md
@@ -2,7 +2,7 @@
type: reference, howto
stage: Manage
group: Authentication and Authorization
-info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#assignments
+info: To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/product/ux/technical-writing/#assignments
---
# OAuth 2.0 identity provider API **(FREE)**
@@ -37,7 +37,7 @@ For example, the `X-Requested-With` header can't be used for preflight requests.
GitLab supports the following authorization flows:
-- **Authorization code with [Proof Key for Code Exchange (PKCE)](https://tools.ietf.org/html/rfc7636):**
+- **Authorization code with [Proof Key for Code Exchange (PKCE)](https://www.rfc-editor.org/rfc/rfc7636):**
Most secure. Without PKCE, you'd have to include client secrets on mobile clients,
and is recommended for both client and server apps.
- **Authorization code:** Secure and common flow. Recommended option for secure
@@ -48,7 +48,7 @@ GitLab supports the following authorization flows:
The draft specification for [OAuth 2.1](https://oauth.net/2.1/) specifically omits both the
Implicit grant and Resource Owner Password Credentials flows.
-Refer to the [OAuth RFC](https://tools.ietf.org/html/rfc6749) to find out
+Refer to the [OAuth RFC](https://www.rfc-editor.org/rfc/rfc6749) to find out
how all those flows work and pick the right one for your use case.
Authorization code (with or without PKCE) flow requires `application` to be
@@ -75,15 +75,15 @@ For production, please use HTTPS for your `redirect_uri`.
For development, GitLab allows insecure HTTP redirect URIs.
As OAuth 2.0 bases its security entirely on the transport layer, you should not use unprotected
-URIs. For more information, see the [OAuth 2.0 RFC](https://tools.ietf.org/html/rfc6749#section-3.1.2.1)
-and the [OAuth 2.0 Threat Model RFC](https://tools.ietf.org/html/rfc6819#section-4.4.2.1).
+URIs. For more information, see the [OAuth 2.0 RFC](https://www.rfc-editor.org/rfc/rfc6749#section-3.1.2.1)
+and the [OAuth 2.0 Threat Model RFC](https://www.rfc-editor.org/rfc/rfc6819#section-4.4.2.1).
In the following sections you can find detailed instructions on how to obtain
authorization with each flow.
### Authorization code with Proof Key for Code Exchange (PKCE)
-The [PKCE RFC](https://tools.ietf.org/html/rfc7636#section-1.1) includes a
+The [PKCE RFC](https://www.rfc-editor.org/rfc/rfc7636#section-1.1) includes a
detailed flow description, from authorization request through access token.
The following steps describe our implementation of the flow.
@@ -177,7 +177,7 @@ You can now make requests to the API with the access token.
### Authorization code flow
NOTE:
-Check the [RFC spec](https://tools.ietf.org/html/rfc6749#section-4.1) for a
+Check the [RFC spec](https://www.rfc-editor.org/rfc/rfc6749#section-4.1) for a
detailed flow description.
The authorization code flow is essentially the same as
@@ -257,7 +257,7 @@ You can now make requests to the API with the access token returned.
### Resource owner password credentials flow
NOTE:
-Check the [RFC spec](https://tools.ietf.org/html/rfc6749#section-4.3) for a
+Check the [RFC spec](https://www.rfc-editor.org/rfc/rfc6749#section-4.3) for a
detailed flow description.
NOTE:
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-15 01:07:12 +0300