Authentication

OAuth 2.0 Endpoints

  • POST /oauth/token - obtain a token
  • POST /oauth/devicehub - pair with a devicehub
  • DELETE /oauth/revoke - revoke a token, i.e. log out
  • /oauth/authorize - used by other services to request authorization (not required by the password flow)
  • /oauth/check_token - used by other services to check the tokens they have received; if the token is valid, information about the user is returned

Example scripts (see the docs/example-scripts directory)

  • token-direct.sh and token-gateway.sh - obtain a token
  • check_token.sh - check an existing token and show user information if the token is valid

General sequence of the password flow

  1. Get a token
    • Basic Auth: clientId as the user, clientSecret as the password
    • Body (form-data): username, password and grant_type (password)
    • POST /oauth/token
  2. Make an authenticated request
    • Authorization: Bearer {access_token}
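
The two steps above as a shell sketch. This is an added example, not one of the scripts in docs/example-scripts; it feeds curl its options on stdin so the client secret and user password stay out of the process list. The form-urlencoded body encoding, the JSON shape of the token response, and every URL and credential in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not one of the project's scripts. Only POST /oauth/token and the
# field names (username, password, grant_type) come from the page; the base URL,
# credentials and resource path in the usage comment are assumptions.

# Basic auth header for step 1: base64("clientId:clientSecret").
basic_auth_header() {  # $1 = clientId, $2 = clientSecret
    printf 'Authorization: Basic %s' \
        "$(printf '%s:%s' "$1" "$2" | base64 | tr -d '\n')"
}

# Escape backslash and double quote for a quoted value in a curl config file.
cfg_escape() {
    printf '%s' "$1" | sed 's/[\\"]/\\&/g'
}

# Step 1: POST /oauth/token. Options are fed to curl on stdin (--config -) so the
# client secret and user password never appear in the process list.
request_token() {  # $1 = base URL, $2 = clientId, $3 = clientSecret, $4 = user, $5 = password
    {
        printf 'header = "%s"\n' "$(basic_auth_header "$2" "$3")"
        printf 'data = "grant_type=password"\n'
        printf 'data-urlencode = "username=%s"\n' "$(cfg_escape "$4")"
        printf 'data-urlencode = "password=%s"\n' "$(cfg_escape "$5")"
    } | curl --fail --silent --show-error --config - "$1/oauth/token"
}

# Pull access_token out of the JSON token response without requiring jq.
extract_access_token() {  # $1 = response body
    printf '%s' "$1" |
        sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Step 2: authenticated request with "Authorization: Bearer {access_token}".
authenticated_get() {  # $1 = URL, $2 = access token
    printf 'header = "Authorization: Bearer %s"\n' "$(cfg_escape "$2")" |
        curl --fail --silent --show-error --config - "$1"
}

# Usage (all values are placeholders):
#   resp=$(request_token "https://auth.example.test" "$CLIENT_ID" "$CLIENT_SECRET" "$API_USER" "$API_PASSWORD")
#   token=$(extract_access_token "$resp")
#   authenticated_get "https://auth.example.test/some/resource" "$token"
```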