Complete OAuth 2.0 documentation

author: Drew DeVault <sir@cmpwn.com> 2020-09-22 12:56:12 -0400
committer: Drew DeVault <sir@cmpwn.com> 2020-09-22 12:56:12 -0400
commit: 8fc6c30dda4d448fdc26e3d5441c2a67424b1e6a (patch)
tree: f88a6e98023204dde4bade0bbe726c3cc9157f40 /meta.sr.ht/oauth.md
parent: 12655f2554b25ef78df27c1555f19a313624ae0b (diff)
download: sr.ht-docs-8fc6c30dda4d448fdc26e3d5441c2a67424b1e6a.tar.gz
1 files changed, 11 insertions, 0 deletions
diff --git a/meta.sr.ht/oauth.md b/meta.sr.ht/oauth.md
index 4c54368..09a7bbf 100644
--- a/meta.sr.ht/oauth.md
+++ b/meta.sr.ht/oauth.md
@@ -84,3 +84,14 @@ utilize the state parameter.
 
 The authorization code issued is a 16 character hexadecimal string, and it must
 be used within 5 minutes.
+
+## Access token endpoint
+
+The access token endpoint (see [section 4.1.3][RFC 6749:4.1.3]) is
+`https://meta.sr.ht/oauth2/access-token`. The `request_uri` parameter MUST NOT
+be provided by the client. HTTP Basic authentication is also recommended per
+[section 2.3.1][RFC 6749:2.3.1]. Our access token response will always set the
+token type to "bearer".
+
+[RFC 6749:4.1.3]: https://tools.ietf.org/html/rfc6749#section-4.1.3
+[RFC 6749:2.3.1]: https://tools.ietf.org/html/rfc6749#section-2.3.1
author	Drew DeVault <sir@cmpwn.com>	2020-09-22 12:56:12 -0400
committer	Drew DeVault <sir@cmpwn.com>	2020-09-22 12:56:12 -0400
commit	8fc6c30dda4d448fdc26e3d5441c2a67424b1e6a (patch)
tree	f88a6e98023204dde4bade0bbe726c3cc9157f40 /meta.sr.ht/oauth.md
parent	12655f2554b25ef78df27c1555f19a313624ae0b (diff)
download	sr.ht-docs-8fc6c30dda4d448fdc26e3d5441c2a67424b1e6a.tar.gz