OAuth2 provider documentation

doc/integration/README.md

@@ -6,8 +6,9 @@ See the documentation below for details on how to configure these services.
 
 - [External issue tracker](external-issue-tracker.md) Redmine, JIRA, etc.
 - [LDAP](ldap.md) Set up sign in via LDAP
-- [OmniAuth](omniauth.md) Sign in via Twitter, GitHub, and Google via OAuth.
+- [OmniAuth](omniauth.md) Sign in via Twitter, GitHub, GitLab, and Google via OAuth.
 - [Slack](slack.md) Integrate with the Slack chat service
+- [OAuth2 provider](oauth_provider.md) OAuth2 application creation
 
 Jenkins support is [available in GitLab EE](http://doc.gitlab.com/ee/integration/jenkins.html).
 

doc/integration/oauth_provider.md

@@ -0,0 +1,31 @@
+## GitLab as OAuth2 provider
+OAuth2 provides client applications a 'secure delegated access' to server resources on behalf of a resource owner. Or you can allow users to sign in to your application with their GitLab.com account.
+In fact OAuth allows to issue access token to third-party clients by an authorization server, 
+with the approval of the resource owner, or end-user. 
+Mostly, OAuth2 is using for SSO (Single sign-on). But you can find a lot of different usages for this functionality. 
+For example, our feature 'GitLab Importer' is using OAuth protocol to give an access to repositories without sharing user credentials to GitLab.com account. 
+Also GitLab.com application can be used for authentication to your GitLab instance if needed [GitLab OmniAuth](gitlab.md).
+
+GitLab has two ways to add new OAuth2 application to an instance, you can add application as regular user and through admin area. So GitLab actually can have an instance-wide and a user-wide applications. There is no defferences between them except the different permission levels.
+
+### Adding application through profile
+Go to your profile section 'Application' and press button 'New Application'
+
+![applications](oauth_provider/user_wide_applications.png)
+
+After this you will see application form, where "Name" is arbitrary name, "Redirect URI" is URL in your app where users will be sent after authorization on GitLab.com.
+
+![application_form](oauth_provider/application_form.png)
+
+### Authorized application
+Every application you authorized will be shown in your "Authorized application" sections.
+
+![authorized_application](oauth_provider/authorized_application.png)
+
+At any time you can revoke access just clicking button "Revoke"
+
+### OAuth applications in admin area
+
+If you want to create application that does not belong to certain user you can create it from admin area 
+
+![admin_application](oauth_provider/admin_application.png)