diff options
Diffstat (limited to 'meta.sr.ht/oauth.md')
| -rw-r--r-- | meta.sr.ht/oauth.md | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/meta.sr.ht/oauth.md b/meta.sr.ht/oauth.md index 4c54368..09a7bbf 100644 --- a/meta.sr.ht/oauth.md +++ b/meta.sr.ht/oauth.md @@ -84,3 +84,14 @@ utilize the state parameter. The authorization code issued is a 16 character hexadecimal string, and it must be used within 5 minutes. + +## Access token endpoint + +The access token endpoint (see [section 4.1.3][RFC 6749:4.1.3]) is +`https://meta.sr.ht/oauth2/access-token`. The `request_uri` parameter MUST NOT +be provided by the client. HTTP Basic authentication is also recommended per +[section 2.3.1][RFC 6749:2.3.1]. Our access token response will always set the +token type to "bearer". + +[RFC 6749:4.1.3]: https://tools.ietf.org/html/rfc6749#section-4.1.3 +[RFC 6749:2.3.1]: https://tools.ietf.org/html/rfc6749#section-2.3.1 |