Commit 9b3f7d7f authored by Mike Jang's avatar Mike Jang

Merge branch 'jeffcrow-token-https' into 'master'

Docs: Change /token request to use HTTPS

See merge request gitlab-org/gitlab!39924
parents 1ead149c 8a695679
...@@ -61,7 +61,7 @@ The web application flow is: ...@@ -61,7 +61,7 @@ The web application flow is:
include the GET `code` parameter, for example: include the GET `code` parameter, for example:
```plaintext ```plaintext
http://myapp.com/oauth/redirect?code=1234567890&state=YOUR_UNIQUE_STATE_HASH https://example.com/oauth/redirect?code=1234567890&state=YOUR_UNIQUE_STATE_HASH
``` ```
You should then use `code` to request an access token. You should then use `code` to request an access token.
...@@ -72,7 +72,7 @@ The web application flow is: ...@@ -72,7 +72,7 @@ The web application flow is:
```ruby ```ruby
parameters = 'client_id=APP_ID&client_secret=APP_SECRET&code=RETURNED_CODE&grant_type=authorization_code&redirect_uri=REDIRECT_URI' parameters = 'client_id=APP_ID&client_secret=APP_SECRET&code=RETURNED_CODE&grant_type=authorization_code&redirect_uri=REDIRECT_URI'
RestClient.post 'http://gitlab.example.com/oauth/token', parameters RestClient.post 'https://gitlab.example.com/oauth/token', parameters
``` ```
Example response: Example response:
...@@ -125,7 +125,7 @@ will include a fragment with `access_token` as well as token details in GET ...@@ -125,7 +125,7 @@ will include a fragment with `access_token` as well as token details in GET
parameters, for example: parameters, for example:
```plaintext ```plaintext
http://myapp.com/oauth/redirect#access_token=ABCDExyz123&state=YOUR_UNIQUE_STATE_HASH&token_type=bearer&expires_in=3600 https://example.com/oauth/redirect#access_token=ABCDExyz123&state=YOUR_UNIQUE_STATE_HASH&token_type=bearer&expires_in=3600
``` ```
### Resource owner password credentials flow ### Resource owner password credentials flow
...@@ -198,7 +198,7 @@ By default, the scope of the access token is `api`, which provides complete read ...@@ -198,7 +198,7 @@ By default, the scope of the access token is `api`, which provides complete read
For testing, you can use the `oauth2` Ruby gem: For testing, you can use the `oauth2` Ruby gem:
```ruby ```ruby
client = OAuth2::Client.new('the_client_id', 'the_client_secret', :site => "http://example.com") client = OAuth2::Client.new('the_client_id', 'the_client_secret', :site => "https://example.com")
access_token = client.password.get_token('user@example.com', 'secret') access_token = client.password.get_token('user@example.com', 'secret')
puts access_token.token puts access_token.token
``` ```
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment