aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--meta.sr.ht/oauth.md11
1 files changed, 11 insertions, 0 deletions
diff --git a/meta.sr.ht/oauth.md b/meta.sr.ht/oauth.md
index 4c54368..09a7bbf 100644
--- a/meta.sr.ht/oauth.md
+++ b/meta.sr.ht/oauth.md
@@ -84,3 +84,14 @@ utilize the state parameter.
The authorization code issued is a 16 character hexadecimal string, and it must
be used within 5 minutes.
+
+## Access token endpoint
+
+The access token endpoint (see [section 4.1.3][RFC 6749:4.1.3]) is
+`https://meta.sr.ht/oauth2/access-token`. The `request_uri` parameter MUST NOT
+be provided by the client. HTTP Basic authentication is also recommended per
+[section 2.3.1][RFC 6749:2.3.1]. Our access token response will always set the
+token type to "bearer".
+
+[RFC 6749:4.1.3]: https://tools.ietf.org/html/rfc6749#section-4.1.3
+[RFC 6749:2.3.1]: https://tools.ietf.org/html/rfc6749#section-2.3.1