Authentication

OAuth 2.0 Endpoints

POST /oauth/token - getting a token
POST /oauth/devicehub - pairing to a devicehub
DELETE /oauth/revoke - revoke token, i.e. logout
/oauth/authorize - Used by other services to request authorization (not required by password flow).
/oauth/check_token - Used by other services to check the tokens they've received. If the token is valid, information about the user is returned.

Example scripts (see in `docs/example-scripts` directory)

token-direct.sh and token-gateway.sh - obtain a token
check_token.sh - check an existing token and show user information if the token is valid

General sequence of the password flow

Get a token
- Basic Auth: clientId as the user, clientSecret as password
- Body (form-data): username, password and grant_type (password)
- POST /oauth/token
Make authenticated request
- Authorization: Bearer {access_token}

OAuth 2.0 Endpoints
Example scripts (see in docs/example-scripts directory)
General sequence of the password flow