diff options
| author | Felipe Artur <felipefac@gmail.com> | 2016-06-29 11:31:50 -0300 |
|---|---|---|
| committer | Felipe Artur <felipefac@gmail.com> | 2016-06-29 11:32:38 -0300 |
| commit | d2971315abd0e6e94860505e50ec71082c3679da (patch) | |
| tree | 0f3dcf23406ec9fb3d6362b7f746e978ace692b3 /doc/api/oauth2.md | |
| parent | 36d48120f66d52dcc8697893ca1ab85322ba7c8b (diff) | |
| parent | bef4294c58e0bbadc01f633fc8bea514801de7ae (diff) | |
| download | gitlab-ce-d2971315abd0e6e94860505e50ec71082c3679da.tar.gz | |
Merge branch 'master' into issue_3359_3issue_3359_3
Diffstat (limited to 'doc/api/oauth2.md')
| -rw-r--r-- | doc/api/oauth2.md | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/doc/api/oauth2.md b/doc/api/oauth2.md index d416a826f79..31902e145f6 100644 --- a/doc/api/oauth2.md +++ b/doc/api/oauth2.md @@ -65,6 +65,13 @@ curl -H "Authorization: Bearer OAUTH-TOKEN" https://localhost:3000/api/v3/user ## Resource Owner Password Credentials +## Deprecation Notice + +1. Starting in GitLab 9.0, the Resource Owner Password Credentials will be *disabled* for users with two-factor authentication turned on. +2. These users can access the API using [personal access tokens] instead. + +--- + In this flow, a token is requested in exchange for the resource owner credentials (username and password). The credentials should only be used when there is a high degree of trust between the resource owner and the client (e.g. the client is part of the device operating system or a highly privileged application), and when other authorization grant types are not @@ -100,3 +107,5 @@ client = OAuth2::Client.new('the_client_id', 'the_client_secret', :site => "http access_token = client.password.get_token('user@example.com', 'sekret') puts access_token.token ``` + +[personal access tokens]: ./README.md#personal-access-tokens |