en: activerecord: errors: models: application: attributes: redirect_uri: fragment_present: 'cannot contain a fragment.' invalid_uri: 'must be a valid URI.' relative_uri: 'must be an absolute URI.' mongoid: errors: models: application: attributes: redirect_uri: fragment_present: 'cannot contain a fragment.' invalid_uri: 'must be a valid URI.' relative_uri: 'must be an absolute URI.' mongo_mapper: errors: models: application: attributes: redirect_uri: fragment_present: 'cannot contain a fragment.' invalid_uri: 'must be a valid URI.' relative_uri: 'must be an absolute URI.' doorkeeper: errors: messages: # Common error messages invalid_redirect_uri: 'The redirect URI included is not valid.' unauthorized_client: 'The client is not authorized to perform this request using this method.' access_denied: 'The resource owner or authorization server denied the request.' invalid_scope: 'The requested scope is invalid, unknown, or malformed.' server_error: 'The authorization server encountered an unexpected condition which prevented it from fulfilling the request.' unconfirmed_email: 'Verify the email address in your account profile before you sign in.' temporarily_unavailable: 'The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server.' #configuration error messages credential_flow_not_configured: 'Resource Owner Password Credentials flow failed due to Doorkeeper.configure.resource_owner_from_credentials being unconfigured.' resource_owner_authenticator_not_configured: 'Resource Owner find failed due to Doorkeeper.configure.resource_owner_authenticator being unconfiged.' # Access grant errors unsupported_response_type: 'The authorization server does not support this response type.' # Access token errors invalid_client: 'Client authentication failed due to unknown client, no client authentication included, or unsupported authentication method.' invalid_grant: 'The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.' unsupported_grant_type: 'The authorization grant type is not supported by the authorization server.' # Password Access token errors invalid_resource_owner: 'The provided resource owner credentials are not valid, or resource owner cannot be found' invalid_request: unknown: 'The request is missing a required parameter, includes an unsupported parameter value, or is otherwise malformed.' missing_param: 'Missing required parameter: %{value}.' not_support_pkce: 'Invalid code_verifier parameter. Server does not support pkce.' request_not_authorized: 'Request need to be authorized. Required parameter for authorizing request is missing or invalid.' invalid_token: revoked: "The access token was revoked" expired: "The access token expired" unknown: "The access token is invalid" scopes: api: Access the authenticated user's API read_user: Read the authenticated user's personal information read_repository: Allows read-only access to the repository write_repository: Allows read-write access to the repository read_registry: Grants permission to read container registry images read_observability: Allows read-only access to GitLab Observability write_observability: Allows read-write access to GitLab Observability openid: Authenticate using OpenID Connect sudo: Perform API actions as any user in the system profile: Allows read-only access to the user's personal information using OpenID Connect email: Allows read-only access to the user's primary email address using OpenID Connect scope_desc: api: Grants complete read/write access to the API, including all groups and projects, the container registry, and the package registry. read_api: Grants read access to the API, including all groups and projects, the container registry, and the package registry. read_user: Grants read-only access to the authenticated user's profile through the /user API endpoint, which includes username, public email, and full name. Also grants access to read-only API endpoints under /users. read_repository: Grants read-only access to repositories on private projects using Git-over-HTTP or the Repository Files API. write_repository: Grants read-write access to repositories on private projects using Git-over-HTTP (not using the API). read_registry: Grants read-only access to container registry images on private projects. write_registry: Grants write access to container registry images on private projects. read_observability: Grants read-only access to GitLab Observability. write_observability: Grants write access to GitLab Observability. openid: Grants permission to authenticate with GitLab using OpenID Connect. Also gives read-only access to the user's profile and group memberships. sudo: Grants permission to perform API actions as any user in the system, when authenticated as an admin user. profile: Grants read-only access to the user's profile data using OpenID Connect. email: Grants read-only access to the user's primary email address using OpenID Connect. admin_mode: Grants permission to perform API actions as an administrator, when Admin Mode is enabled. project_access_token_scope_desc: api: Grants complete read and write access to the scoped project API, including the Package Registry. read_api: Grants read access to the scoped project API, including the Package Registry. read_repository: Grants read access (pull) to the repository. write_repository: Grants read and write access (pull and push) to the repository. read_registry: Grants read access (pull) to the Container Registry images if a project is private and authorization is required. write_registry: Grants write access (push) to the Container Registry. flash: applications: create: notice: 'The application was created successfully.' destroy: notice: 'The application was deleted successfully.' update: notice: 'The application was updated successfully.' authorized_applications: destroy: notice: 'The application was revoked access.'