gitlab4j · jmini · Mar 7, 2025 · Mar 7, 2025 · Mar 7, 2025 · Mar 7, 2025
diff --git a/gitlab4j-api/src/main/java/org/gitlab4j/api/ApplicationsApi.java b/gitlab4j-api/src/main/java/org/gitlab4j/api/ApplicationsApi.java
@@ -5,6 +5,7 @@
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 
+import jakarta.ws.rs.core.Form;
 import jakarta.ws.rs.core.GenericType;
 import jakarta.ws.rs.core.Response;
 
@@ -83,7 +84,9 @@ public Stream<Application> getApplicationsStream() throws GitLabApiException {
      * @param scopes the scopes of the application (api, read_user, sudo, read_repository, openid, profile, email)
      * @return the created Application instance
      * @throws GitLabApiException if any exception occurs
+     * @deprecated use {@link #createApplication(String, String, List, Boolean)} instead
      */
+    @Deprecated
     public Application createApplication(String name, String redirectUri, ApplicationScope[] scopes)
             throws GitLabApiException {
 
@@ -104,19 +107,40 @@ public Application createApplication(String name, String redirectUri, Applicatio
      * @param scopes the scopes of the application (api, read_user, sudo, read_repository, openid, profile, email)
      * @return the created Application instance
      * @throws GitLabApiException if any exception occurs
+     * @deprecated use {@link #createApplication(String, String, List, Boolean)} instead
      */
+    @Deprecated
     public Application createApplication(String name, String redirectUri, List<ApplicationScope> scopes)
             throws GitLabApiException {
+        return createApplication(name, redirectUri, scopes, null);
+    }
+
+    /**
+     * Create an OAUTH Application.
+     *
+     * <pre><code>GitLab Endpoint: POST /api/v4/applications</code></pre>
+     *
+     * @param name the name for the OAUTH Application
+     * @param redirectUri the redirect URI for the OAUTH Application
+     * @param scopes the scopes of the application (api, read_user, sudo, read_repository, openid, profile, email)
+     * @param confidential The application is used where the client secret can be kept confidential. Native mobile apps and Single Page Apps are considered non-confidential
+     * @return the created Application instance
+     * @throws GitLabApiException if any exception occurs
+     */
+    public Application createApplication(
+            String name, String redirectUri, List<ApplicationScope> scopes, Boolean confidential)
+            throws GitLabApiException {
 
         if (scopes == null || scopes.isEmpty()) {
             throw new GitLabApiException("scopes cannot be null or empty");
         }
 
-        String scopesString = scopes.stream().map(ApplicationScope::toString).collect(Collectors.joining(","));
+        String scopesString = scopes.stream().map(ApplicationScope::toString).collect(Collectors.joining(" "));
         GitLabApiForm formData = new GitLabApiForm()
                 .withParam("name", name, true)
                 .withParam("redirect_uri", redirectUri, true)
-                .withParam("scopes", scopesString, true);
+                .withParam("scopes", scopesString, true)
+                .withParam("confidential", confidential);
         Response response = post(Response.Status.CREATED, formData, "applications");
         return (response.readEntity(Application.class));
     }
@@ -132,4 +156,18 @@ public Application createApplication(String name, String redirectUri, List<Appli
     public void deleteApplication(Long applicationId) throws GitLabApiException {
         delete(Response.Status.NO_CONTENT, null, "applications", applicationId);
     }
+
+    /**
+     * Renews an application secret.
+     *
+     * <pre><code>GitLab Endpoint: POST /applications/:id/renew-secret</code></pre>
+     *
+     * @param applicationId the ID of the OUAUTH Application to renew
+     * @return the updated Application instance
+     * @throws GitLabApiException if any exception occurs
+     */
+    public Application renewSecret(Long applicationId) throws GitLabApiException {
+        Response response = post(Response.Status.CREATED, (Form) null, "applications", applicationId, "renew-secret");
+        return (response.readEntity(Application.class));
+    }
 }
diff --git a/gitlab4j-models/src/main/java/org/gitlab4j/api/models/Application.java b/gitlab4j-models/src/main/java/org/gitlab4j/api/models/Application.java
@@ -2,13 +2,17 @@
 
 import java.io.Serializable;
 
+import org.gitlab4j.models.utils.JacksonJson;
+
 public class Application implements Serializable {
     private static final long serialVersionUID = 1L;
 
     private Long id;
     private String applicationId;
     private String applicationName;
     private String callbackUrl;
+    private Boolean confidential;
+    private String secret;
 
     public Long getId() {
         return id;
@@ -41,4 +45,25 @@ public String getCallbackUrl() {
     public void setCallbackUrl(String callbackUrl) {
         this.callbackUrl = callbackUrl;
     }
+
+    public Boolean getConfidential() {
+        return confidential;
+    }
+
+    public void setConfidential(Boolean confidential) {
+        this.confidential = confidential;
+    }
+
+    public String getSecret() {
+        return secret;
+    }
+
+    public void setSecret(String secret) {
+        this.secret = secret;
+    }
+
+    @Override
+    public String toString() {
+        return (JacksonJson.toJsonString(this));
+    }
 }
diff --git a/gitlab4j-models/src/main/java/org/gitlab4j/models/Constants.java b/gitlab4j-models/src/main/java/org/gitlab4j/models/Constants.java
@@ -829,26 +829,55 @@ public String toString() {
      * Enum for the various Application scope values.
      */
     public enum ApplicationScope {
-
-        /**  Access the authenticated user's API */
+        /** Grants complete read/write access to the API, including all groups and projects, the container registry, the dependency proxy, and the package registry. */
         API,
 
-        /** Read the authenticated user's personal information */
+        /** Grants read access to the API, including all groups and projects, the container registry, and the package registry. */
+        READ_API,
+
+        /** Grants read-only access to your profile through the /user API endpoint, which includes username, public email, and full name. Also grants access to read-only API endpoints under /users. */
         READ_USER,
 
-        /**  Perform API actions as any user in the system */
-        SUDO,
+        /** Grants create access to the runners. */
+        CREATE_RUNNER,
 
-        /** Allows read-access to the repository */
+        /** Grants access to manage the runners. */
+        MANAGE_RUNNER,
+
+        /** Grants permission to perform Kubernetes API calls using the agent for Kubernetes. */
+        K8S_PROXY,
+
+        /** Grants read-only access to repositories on private projects using Git-over-HTTP or the Repository Files API. */
         READ_REPOSITORY,
 
-        /** Authenticate using OpenID Connect */
+        /** Grants read-write access to repositories on private projects using Git-over-HTTP (not using the API). */
+        WRITE_REPOSITORY,
+
+        /** Grants read-only access to GitLab Observability. */
+        READ_OBSERVABILITY,
+
+        /** Grants write access to GitLab Observability. */
+        WRITE_OBSERVABILITY,
+
+        /** Grants access to GitLab Duo related API endpoints. */
+        AI_FEATURES,
+
+        /** Grants permission to perform API actions as any user in the system, when authenticated as an admin user. */
+        SUDO,
+
+        /** Grants permission to perform API actions as an administrator, when Admin Mode is enabled. */
+        ADMIN_MODE,
+
+        /** Grant access to download Service Ping payload via API when authenticated as an admin user. */
+        READ_SERVICE_PING,
+
+        /** Grants permission to authenticate with GitLab using OpenID Connect. Also gives read-only access to the user's profile and group memberships. */
         OPENID,
 
-        /** Allows read-only access to the user's personal information using OpenID Connect */
+        /** Grants read-only access to the user's profile data using OpenID Connect. */
         PROFILE,
 
-        /** Allows read-only access to the user's primary email address using OpenID Connect */
+        /** Grants read-only access to the user's primary email address using OpenID Connect. */
         EMAIL;
 
         private static JacksonJsonEnumHelper<ApplicationScope> enumHelper =

diff --git a/gitlab4j-models/src/test/resources/org/gitlab4j/models/applications.json b/gitlab4j-models/src/test/resources/org/gitlab4j/models/applications.json
@@ -3,6 +3,8 @@
         "id": 1,
         "application_id": "5832fc6e14300a0d962240a8144466eef4ee93ef0d218477e55f11cf12fc3737",
         "application_name": "MyApplication",
-        "callback_url": "http://redirect.uri"
+        "secret": "ee1dd64b6adc89cf7e2c23099301ccc2c61b441064e9324d963c46902a85ec34",
+        "callback_url": "http://redirect.uri",
+        "confidential": true
     }
 ]