@@ -8,7 +8,8 @@ info: To determine the technical writer assigned to the Stage/Group associated w
...
@@ -8,7 +8,8 @@ info: To determine the technical writer assigned to the Stage/Group associated w
## List all deploy keys
## List all deploy keys
Get a list of all deploy keys across all projects of the GitLab instance. This endpoint requires administrator access and is not available on GitLab.com.
Get a list of all deploy keys across all projects of the GitLab instance. This
endpoint requires an administrator role and is not available on GitLab.com.
```plaintext
```plaintext
GET /deploy_keys
GET /deploy_keys
...
@@ -74,7 +75,7 @@ Example response:
...
@@ -74,7 +75,7 @@ Example response:
]
]
```
```
## Single deploy key
## Get a single deploy key
Get a single key.
Get a single key.
...
@@ -213,10 +214,10 @@ Example response:
...
@@ -213,10 +214,10 @@ Example response:
}
}
```
```
## Adding deploy keys to multiple projects
## Add deploy keys to multiple projects
If you want to easily add the same deploy key to multiple projects in the same
If you want to add the same deploy key to multiple projects in the same
group, this can be achieved quite easily with the API.
group, this can be achieved with the API.
First, find the ID of the projects you're interested in, by either listing all
First, find the ID of the projects you're interested in, by either listing all
info:To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
info:To determine the technical writer assigned to the Stage/Group associated with this page, see https://about.gitlab.com/handbook/engineering/ux/technical-writing/#designated-technical-writers
---
---
# GitLab as an OAuth2 provider
# GitLab as an OAuth 2.0 provider
This document covers using the [OAuth2](https://oauth.net/2/) protocol to allow
This document covers using the [OAuth2](https://oauth.net/2/) protocol to allow
other services to access GitLab resources on user's behalf.
other services to access GitLab resources on user's behalf.
...
@@ -15,9 +15,9 @@ other services, see the [OAuth2 authentication service provider](../integration/
...
@@ -15,9 +15,9 @@ other services, see the [OAuth2 authentication service provider](../integration/
1. To retrieve a new `access_token`, use the `refresh_token` parameter. Refresh tokens may
1. To retrieve a new `access_token`, use the `refresh_token` parameter. Refresh tokens may
be used even after the `access_token` itself expires. This request:
be used even after the `access_token` itself expires. This request:
- Invalidates the existing `access_token` and `refresh_token`.
- Invalidates the existing `access_token` and `refresh_token`.
...
@@ -245,12 +244,13 @@ scheduled to be removed for existing applications.
...
@@ -245,12 +244,13 @@ scheduled to be removed for existing applications.
We recommend that you use [Authorization code with PKCE](#authorization-code-with-proof-key-for-code-exchange-pkce) instead. If you choose to use Implicit flow, be sure to verify the
We recommend that you use [Authorization code with PKCE](#authorization-code-with-proof-key-for-code-exchange-pkce) instead. If you choose to use Implicit flow, be sure to verify the
`application id` (or `client_id`) associated with the access token before granting
`application id` (or `client_id`) associated with the access token before granting
access to the data, as described in [Retrieving the token information](#retrieving-the-token-information)).
access to the data. To learn more, read
[Retrieving the token information](#retrieve-the-token-information)).
Unlike the authorization code flow, the client receives an `access token`
Unlike the authorization code flow, the client receives an `access token`
immediately as a result of the authorization request. The flow does not use
immediately as a result of the authorization request. The flow does not use the
the client secret or the authorization code because all of the application code
client secret or the authorization code, as the application
and storage is easily accessible on client browsers and mobile devices.
code and storage is accessible on client browsers and mobile devices.
To request the access token, you should redirect the user to the
To request the access token, you should redirect the user to the
`/oauth/authorize` endpoint using `token` response type:
`/oauth/authorize` endpoint using `token` response type:
...
@@ -367,10 +367,11 @@ or you can put the token to the Authorization header:
...
@@ -367,10 +367,11 @@ or you can put the token to the Authorization header:
To verify the details of a token, use the `token/info` endpoint provided by the Doorkeeper gem.
To verify the details of a token, use the `token/info` endpoint provided by the
For more information, see [`/oauth/token/info`](https://github.com/doorkeeper-gem/doorkeeper/wiki/API-endpoint-descriptions-and-examples#get----oauthtokeninfo).