Add documentation around OAuth/Personal Access Token scopes.

This commit is contained in:
Timothy Andrew 2016-12-21 20:09:44 +05:30
parent 7e88b242ce
commit 63e8dc8a76
No known key found for this signature in database
GPG key ID: ADC2E3B686F331DB
2 changed files with 13 additions and 3 deletions

View file

@ -104,6 +104,13 @@ that needs access to the GitLab API.
Once you have your token, pass it to the API using either the `private_token`
parameter or the `PRIVATE-TOKEN` header.
> [Introduced][ce-5951] in GitLab 8.15.
Personal Access Tokens can be created with one or more scopes that allow various actions
that a given token can perform. Although there are only two scopes available at the
moment `read_user` and `api` the groundwork has been laid to add more scopes easily.
At any time you can revoke any personal access token by just clicking **Revoke**.
### Session Cookie
@ -380,3 +387,4 @@ programming languages. Visit the [GitLab website] for a complete list.
[GitLab website]: https://about.gitlab.com/applications/#api-clients "Clients using the GitLab API"
[lib-api-url]: https://gitlab.com/gitlab-org/gitlab-ce/tree/master/lib/api/api.rb
[ce-3749]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/3749
[ce-5951]: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/5951

View file

@ -74,8 +74,10 @@ in the **Authorized applications** section under **Profile Settings > Applicatio
---
As you can see, the default scope `api` is used, which is the only scope that
GitLab supports so far. At any time you can revoke any access by just clicking
**Revoke**.
GitLab's OAuth applications support scopes, which allow various actions that any given
application can perform. Although there are only two scopes available at the
moment `read_user` and `api` the groundwork has been laid to add more scopes easily.
At any time you can revoke any access by just clicking **Revoke**.
[oauth]: http://oauth.net/2/ "OAuth website"