The oauth2 server supports 2 endpoints:
- token: issues an access token based on the request body parameters
- authorize: used internally from apps to authorize the usage of resources or explicit authentication from 3th party users.
There are 3 types of gran types available in the API, these are:
Client secret is a secret hash that will be provide to you when you issue your api access.
Client id is your unique id to use the api, handed to you when you request access to the api
Username is the username for a registered user. You should include this while using password grant_type only. The resulting access token should enable your app to make calls on behalf of the registered user. Such calls might include: /PlaceBid, /UserStatement, etc..
The selected password from your registered user through the api.
Authorization code, obtained from oauth2 server (required when using authorization_code grant type)
URL to redirect the user back to (required when using authorization_code grant type)