Merge branch 'eread/deprecation-note-for-implicit-grant-flow' into 'master'

Add deprecation notice for implicit grant flow See merge request gitlab-org/gitlab!62061

Merge branch 'eread/deprecation-note-for-implicit-grant-flow' into 'master'
Add deprecation notice for implicit grant flow See merge request gitlab-org/gitlab!62061
31a69eb7 · Kati Paizee · 759c2c9c · 6dd45015 · 31a69eb7
Commit 31a69eb7 authored May 19, 2021 by Kati Paizee
Show whitespace changes
Inline Side-by-side

Showing with 4 additions and 2 deletions

doc/api/oauth2.md doc/api/oauth2.md +4 -2

No files found.
--- a/doc/api/oauth2.md
+++ b/doc/api/oauth2.md
@@ -194,8 +194,10 @@ NOTE:
 For a detailed flow diagram, see the [RFC specification](https://tools.ietf.org/html/rfc6749#section-4.2).
 WARNING:
-The Implicit grant flow is inherently insecure. The IETF plans to remove it in
+Implicit grant flow is inherently insecure and the IETF has removed it in [OAuth 2.1](https://oauth.net/2.1/).
-[OAuth 2.1](https://oauth.net/2.1/).
+For this reason, [support for it is deprecated](https://gitlab.com/gitlab-org/gitlab/-/issues/288516).
+In GitLab 14.0, new applications can't be created using it. In GitLab 14.4, support for it is
+scheduled to be removed for existing applications.
 We recommend that you use [Authorization code with PKCE](#authorization-code-with-proof-key-for-code-exchange-pkce) instead. If you choose to use Implicit flow, be sure to verify the
 `application id` (or `client_id`) associated with the access token before granting