Commit graph

18 commits

Author SHA1 Message Date
GitLab Bot
4e06ca9e7d Add latest changes from gitlab-org/gitlab@master 2020-09-02 18:10:40 +00:00
GitLab Bot
4f5c8572e9 Add latest changes from gitlab-org/gitlab@master 2020-06-16 18:09:01 +00:00
GitLab Bot
47579e24f3 Add latest changes from gitlab-org/gitlab@master 2020-05-27 21:08:05 +00:00
GitLab Bot
e2d4a6dedb Add latest changes from gitlab-org/gitlab@master 2020-05-14 00:07:47 +00:00
GitLab Bot
403678e004 Add latest changes from gitlab-org/gitlab@master 2020-04-08 12:09:42 +00:00
Nick Kipling
653b7b72f2 Update personal access token api scope description 2019-08-13 17:15:39 +00:00
Pierre Tardy
1cd36afbf6 [skip ci] Update doorkeeper.en.yml 2019-06-17 14:59:54 +00:00
Pierre Tardy
290e459613 read_repository scope can be used for API
as per documentation https://docs.gitlab.com/ee/api/repository_files.html
You can use read_repository to access repository_file API.

Not sure about write_repository as it is new and not documented in that page.
2019-06-14 08:57:58 +00:00
Horatiu Eugen Vlad
0aa56d895d Added write_repository scope for personal access token 2019-04-15 13:05:55 +00:00
GotenXiao
7a1c810dc9 Fix #44332 - Add support for profile and email 2019-02-06 16:48:36 +00:00
Marcel Amirault
95a111c711 Update _scopes_form.html.haml to remove duplicate information 2018-06-26 13:54:23 +00:00
Hassan Zamani
583ef9458c
Add groups to OpenID Connect claims 2018-02-08 13:22:41 +01:00
Douwe Maan
ab1f3b47a8 Merge branch '32059-fix-oauth-phishing' into 'security-10-1'
Prevent OAuth phishing attack by presenting detailed wording about app to user during authorization

See merge request gitlab/gitlabhq!2205
2017-11-10 16:26:53 +08:00
Douwe Maan
3f24f9ed18 Add sudo API scope 2017-11-02 11:39:03 +01:00
Markus Koller
c498289048 Implement OpenID Connect identity provider 2017-03-07 14:54:35 +01:00
Timothy Andrew
7fa06ed55d Calls to the API are checked for scope.
- Move the `Oauth2::AccessTokenValidationService` class to
  `AccessTokenValidationService`, since it is now being used for
  personal access token validation as well.

- Each API endpoint declares the scopes it accepts (if any). Currently,
  the top level API module declares the `api` scope, and the `Users` API
  module declares the `read_user` scope (for GET requests).

- Move the `find_user_by_private_token` from the API `Helpers` module to
  the `APIGuard` module, to avoid littering `Helpers` with more
  auth-related methods to support `find_user_by_private_token`
2016-12-16 16:29:31 +05:30
Douwe Maan
0c4653e101 Improve OAuth application flash messages. 2015-05-13 09:41:56 +02:00
Valery Sizov
e41dadcb33 Doorkeeper integration 2014-12-24 15:38:07 +02:00