From 78a2026a822c557c6abda15171e4dc38d9259e5c Mon Sep 17 00:00:00 2001
From: vin01 <30344579+vin01@users.noreply.github.com>
Date: Thu, 1 Oct 2020 18:29:48 +0000
Subject: [PATCH] Use read_api scope for GitLab OAuth (#27976)

`read_api` seems to be the minimal scope currently which can be used, it shall be preferred over `api` which grants complete read/write access.

- https://gitlab.com/gitlab-org/gitlab/-/merge_requests/28944#note_322904691
- https://gitlab.com/gitlab-org/gitlab/-/issues/21909
---
 docs/sources/auth/gitlab.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/sources/auth/gitlab.md b/docs/sources/auth/gitlab.md
index 0c5e9d8dd7f..3e14ae5977d 100644
--- a/docs/sources/auth/gitlab.md
+++ b/docs/sources/auth/gitlab.md
@@ -31,9 +31,9 @@ instance, if you access Grafana at `http://203.0.113.31:3000`, you should use
 http://203.0.113.31:3000/login/gitlab
 ```
 
-Finally, select *api* as the *Scope* and submit the form. Note that if you're
+Finally, select *read_api* as the *Scope* and submit the form. Note that if you're
 not going to use GitLab groups for authorization (i.e. not setting
-`allowed_groups`, see below), you can select *read_user* instead of *api* as
+`allowed_groups`, see below), you can select *read_user* instead of *read_api* as
 the *Scope*, thus giving a more restricted access to your GitLab API.
 
 You'll get an *Application Id* and a *Secret* in return; we'll call them