8fc6c30dda4d448fdc26e3d5441c2a67424b1e6a — Drew DeVault a month ago 12655f2
Complete OAuth 2.0 documentation
1 files changed, 11 insertions(+), 0 deletions(-)

M meta.sr.ht/oauth.md
M meta.sr.ht/oauth.md => meta.sr.ht/oauth.md +11 -0
@@ 84,3 84,14 @@ utilize the state parameter.

The authorization code issued is a 16 character hexadecimal string, and it must
be used within 5 minutes.

## Access token endpoint

The access token endpoint (see [section 4.1.3][RFC 6749:4.1.3]) is
`https://meta.sr.ht/oauth2/access-token`. The `request_uri` parameter MUST NOT
be provided by the client. HTTP Basic authentication is also recommended per
[section 2.3.1][RFC 6749:2.3.1]. Our access token response will always set the
token type to "bearer".

[RFC 6749:4.1.3]: https://tools.ietf.org/html/rfc6749#section-4.1.3
[RFC 6749:2.3.1]: https://tools.ietf.org/html/rfc6749#section-2.3.1