From d7b136d5471b5925ff784f78b9c11ec63c2a3549 Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Thu, 28 May 2020 21:08:22 +0000
Subject: Add latest changes from gitlab-org/gitlab@master

---
 doc/api/oauth2.md | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

(limited to 'doc/api/oauth2.md')

diff --git a/doc/api/oauth2.md b/doc/api/oauth2.md
index 0bf7ae399f0..cc8b31ecf17 100644
--- a/doc/api/oauth2.md
+++ b/doc/api/oauth2.md
@@ -173,11 +173,14 @@ the following parameters:
 }
 ```
 
+Also you must use HTTP Basic authentication using the `client_id` and`client_secret`
+values to authenticate the client that performs a request.
+
 Example cURL request:
 
 ```shell
 echo 'grant_type=password&username=<your_username>&password=<your_password>' > auth.txt
-curl --data "@auth.txt" --request POST "https://gitlab.example.com/oauth/token"
+curl --data "@auth.txt" --user client_id:client_secret --request POST "https://gitlab.example.com/oauth/token"
 ```
 
 Then, you'll receive the access token back in the response:
@@ -190,6 +193,8 @@ Then, you'll receive the access token back in the response:
 }
 ```
 
+By default, the scope of the access token is `api`, which provides complete read/write access.
+
 For testing, you can use the `oauth2` Ruby gem:
 
 ```ruby
-- 
cgit v1.2.3