Document new OAuth changes for 4.3.0 (#1445)

* Improve deprecation messaging for Application#vapid_key

* Format JSON examples in Instance methods

* Remove vapid_key from Apps API examples, since this property is deprecated on Application entity

* Add documentation for new OAuth 2.0 features added in 4.3.0

* Improve documentation for oauth-scopes

* Update content/en/api/oauth-scopes.md

Co-authored-by: Matt Jankowski <matt@jankowski.online>

* Update content/en/api/oauth-scopes.md

Co-authored-by: Matt Jankowski <matt@jankowski.online>

* Update content/en/api/oauth-scopes.md

Co-authored-by: Matt Jankowski <matt@jankowski.online>

* Update content/en/api/oauth-scopes.md

Co-authored-by: Matt Jankowski <matt@jankowski.online>

* Add deprecated and removed shortcode labels

* Use deprecated and removed shortcodes

* Improve OAuth documentation

* More OAuth documentation improvements

* Correct streaming API documentation after 4.2.0 changes

* Add note about improved Push Subscription API validation in 4.3.0

* Fix inconsistent OAuth label formatting

* Add note that there is a relationship between Accounts and the Application used to create them

* Add note that application registration endpoint also supports JSON bodies

* Be consistent in the formatting of placeholder values for Bearer tokens

* code review changes

* Slight changes in wording

* Add documentation for PKCE

* Removal of crypto oauth scope

* Cross-link authorization's scope with the OAuth Scopes documentation

* Update content/en/methods/oauth.md

* Update content/en/api/oauth-scopes.md

---------

Co-authored-by: Matt Jankowski <matt@jankowski.online>
Co-authored-by: David Roetzel <david@roetzel.de>

content/en/entities/Application.md

@@ -16,9 +16,14 @@ aliases: [
 
 ```json
 {
-  "name": "test app",
-  "website": null,
-  "vapid_key": "BCk-QqERU0q-CfYZjcuB6lnyyOYfJ2AifKqfeGIm7Z-HiTU5T9eTG5GxVA0_OH5mMlI4UkkDTpaZwozy0TzdZ2M="
+  "name": "Test Application",
+  "website": "https://app.example",
+  "scopes": ["read", "write", "push"],
+  "redirect_uri": "https://app.example/callback\nhttps://app.example/register",
+  "redirect_uris": [
+    "https://app.example/callback",
+    "https://app.example/register"
+  ]
 }
 ```
 
@@ -39,29 +44,63 @@ aliases: [
 0.9.9 - added\
 3.5.1 - this property is now nullable
 
-### `client_id` {{%optional%}} {#client_id}
+### `scopes` {#scopes}
+
+**Description:** The scopes for your application. This is the registered `scopes` string split on whitespace.\
+**Type:** Array of Strings\
+**Version history:**\
+4.3.0 - added
+
+### `redirect_uris` {#redirect_uris}
+
+**Description:** The registered redirection URI(s) for your application.\
+**Type:** Array of String (URLs or `"urn:ietf:wg:oauth:2.0:oob"` as values)\
+**Version history:**\
+4.3.0 - added
+
+### `redirect_uri` {{%deprecated%}} {#redirect_uri}
+
+**Description:** The registered redirection URI(s) for your application.\
+May contain `\n` characters when multiple redirect URIs are registered.\
+**Type:** String\
+**Version history:**\
+0.0.0 - added\
+4.3.0 - deprecated in favour of [`redirect_uris`]({{< relref "entities/Application#redirect_uris" >}}), since the value of this property is not a well-formed URI when multiple redirect URIs are registered
+
+### `vapid_key` {{%deprecated%}} {#vapid_key}
+
+**Description:** Used for Push Streaming API. Returned with [POST /api/v1/apps]({{< relref "methods/apps#create" >}}). Equivalent to [WebPushSubscription#server_key]({{< relref "entities/WebPushSubscription#server_key" >}}) and [Instance#vapid_public_key]({{< relref "entities/Instance#vapid_public_key" >}})\
+**Type:** String\
+**Version history:**\
+2.8.0 - added\
+4.3.0 - deprecated pending removal, please see [api/v2/instance]({{< relref "methods/Instance#v2">}}) for this value (`configuration.vapid.public_key`)
+
+## CredentialApplication attributes {#CredentialApplication}
+
+All [Application](#attributes) attributes and the following:
+
+### `client_id` {#client_id}
 
 **Description:** Client ID key, to be used for obtaining OAuth tokens\
 **Type:** String\
 **Version history:**\
 0.9.9 - added
+4.3.0 - moved to `CredentialApplication` from `Application`
 
-### `client_secret` {{%optional%}} {#client_secret}
+### `client_secret` {#client_secret}
 
 **Description:** Client secret key, to be used for obtaining OAuth tokens\
 **Type:** String\
 **Version history:**\
 0.9.9 - added
+4.3.0 - moved to `CredentialApplication` from `Application`
 
-## Deprecated attributes
+### `client_secret_expires_at` {#client_secret_expires_at}
 
-### `vapid_key` {#vapid_key}
-
-**Description:** Used for Push Streaming API. Returned with [POST /api/v1/apps]({{< relref "methods/apps#create" >}}). Equivalent to [WebPushSubscription#server_key]({{< relref "entities/WebPushSubscription#server_key" >}}) and [Instance#vapid_public_key]({{< relref "entities/Instance#vapid_public_key" >}})\
+**Description:** When the client secret key will expire at, presently this always returns `0` indicating that OAuth Clients do not expire\
 **Type:** String\
 **Version history:**\
-2.8.0 - added
-4.3.0 - deprecated pending removal
+4.3.0 - added
 
 ## See also
 
@@ -70,3 +109,5 @@ aliases: [
 {{< page-relref ref="entities/Status#application" caption="Status (`application` attribute)" >}}
 
 {{< caption-link url="https://github.com/mastodon/mastodon/blob/main/app/serializers/rest/application_serializer.rb" caption="app/serializers/rest/application_serializer.rb" >}}
+
+{{< caption-link url="https://github.com/mastodon/mastodon/blob/main/app/serializers/rest/credential_application_serializer.rb" caption="app/serializers/rest/credential_application_serializer.rb" >}}

content/en/entities/MediaAttachment.md

@@ -223,9 +223,7 @@ More importantly, there may be another topl-level `focus` Hash object on images
 **Version history:**\
 2.8.1 - added
 
-## Deprecated attributes
-
-### `text_url` {#text_url}
+### `text_url` {{%removed%}} {#text_url}
 
 **Description:** A shorter URL for the attachment.\
 **Type:** String (URL)\

content/en/entities/Search.md

@@ -109,7 +109,7 @@ Truncated sample search for q=cats limit=2
 **Version history:**\
 1.1.0 - added\
 2.4.1 - v1/search deprecated because it returns Array of String. v2/search added which returns Array of Tag.\
-3.0.0 - v1 removed
+3.0.0 - v1/search removed
 
 ## See also