Merge branch 'jeffcrow-token-https' into 'master'

Docs: Change /token request to use HTTPS

See merge request gitlab-org/gitlab!39924

doc/api/oauth2.md

@@ -61,7 +61,7 @@ The web application flow is:
    include the GET `code` parameter, for example:
 
    ```plaintext
-   http://myapp.com/oauth/redirect?code=1234567890&state=YOUR_UNIQUE_STATE_HASH
+   https://example.com/oauth/redirect?code=1234567890&state=YOUR_UNIQUE_STATE_HASH
    ```
 
    You should then use `code` to request an access token.
@@ -72,7 +72,7 @@ The web application flow is:
 
    ```ruby
    parameters = 'client_id=APP_ID&client_secret=APP_SECRET&code=RETURNED_CODE&grant_type=authorization_code&redirect_uri=REDIRECT_URI'
-   RestClient.post 'http://gitlab.example.com/oauth/token', parameters
+   RestClient.post 'https://gitlab.example.com/oauth/token', parameters
    ```
 
    Example response:
@@ -125,7 +125,7 @@ will include a fragment with `access_token` as well as token details in GET
 parameters, for example:
 
 ```plaintext
-http://myapp.com/oauth/redirect#access_token=ABCDExyz123&state=YOUR_UNIQUE_STATE_HASH&token_type=bearer&expires_in=3600
+https://example.com/oauth/redirect#access_token=ABCDExyz123&state=YOUR_UNIQUE_STATE_HASH&token_type=bearer&expires_in=3600
 ```
 
 ### Resource owner password credentials flow
@@ -198,7 +198,7 @@ By default, the scope of the access token is `api`, which provides complete read
 For testing, you can use the `oauth2` Ruby gem:
 
 ```ruby
-client = OAuth2::Client.new('the_client_id', 'the_client_secret', :site => "http://example.com")
+client = OAuth2::Client.new('the_client_id', 'the_client_secret', :site => "https://example.com")
 access_token = client.password.get_token('user@example.com', 'secret')
 puts access_token.token
 ```