diff options
Diffstat (limited to 'doc/api/oauth2.md')
| -rw-r--r-- | doc/api/oauth2.md | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/doc/api/oauth2.md b/doc/api/oauth2.md index aca6ee74b15..371e3f9ae47 100644 --- a/doc/api/oauth2.md +++ b/doc/api/oauth2.md @@ -63,7 +63,7 @@ For a list of scopes in GitLab, see [the provider documentation](../integration/ ### Prevent CSRF attacks -To [protect redirect-based flows](https://tools.ietf.org/id/draft-ietf-oauth-security-topics-13.html#rec_redirect), +To [protect redirect-based flows](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics-13#section-3.1), the OAuth specification recommends the use of "One-time use CSRF tokens carried in the state parameter, which are securely bound to the user agent", with each request to the `/oauth/authorize` endpoint. This can prevent |