Merge pull request #803 from timofurrer/doc/auth

Improve documentation around authentication with GitLab. Closes #557

Author: armsnyder

gitlab/config.go

@@ -68,8 +68,9 @@ func (c *Config) Client() (*gitlab.Client, error) {
 		opts = append(opts, gitlab.WithBaseURL(c.BaseURL))
 	}
 
-	// The OAuth method is also compatible with project/personal access tokens because they are all usable as Bearer tokens.
-	// https://docs.gitlab.com/ee/api
+	// The OAuth method is also compatible with project/group/personal access and job tokens because they are all usable as Bearer tokens.
+	// Although the job token API access is very limited.
+	// see https://docs.gitlab.com/ee/api#authentication
 	client, err := gitlab.NewOAuthClient(c.Token, opts...)
 	if err != nil {
 		return nil, err

gitlab/provider.go

@@ -124,7 +124,7 @@ var descriptions map[string]string
 
 func init() {
 	descriptions = map[string]string{
-		"token": "The OAuth2 token or project/personal access token used to connect to GitLab.",
+		"token": "The OAuth2 Token, Project, Group, Personal Access Token or CI Job Token used to connect to GitLab. The OAuth method is used in this provider for authentication (using Bearer authorization token). See https://docs.gitlab.com/ee/api/#authentication for details",
 
 		"base_url": "The GitLab Base API URL",
 
@@ -136,7 +136,7 @@ func init() {
 
 		"client_key": "File path to client key when GitLab instance is behind company proxy. File must contain PEM encoded data.",
 
-		"early_auth_check": "Try to authenticate with the `CurrentUser` endpoint during the provider initialization. (experimental, see docs)",
+		"early_auth_check": "Try to authenticate with the `CurrentUser` endpoint during the provider initialization. Needs to be disabled for CI Job Tokens. (experimental, see docs)",
 	}
 }