When using it as an OAuth2 provider for login to another site, here are the important endpoints:
* /authorize --- authentication, call with ?response_type=code&client_id=...&state=...&scope=...&redirect_uri=... - only response_type=code is supported right now (will display HTML form to user and send JSON to redirect_uri).
* /token --- fetch token, this is both for getting access tokens and refresh tokens (as usual).
When using it as an OAuth2 provider for login to another site, here are the important endpoints:
* /authorize --- authentication, call with ?response_type=code&client_id=...&state=...&scope=...&redirect_uri=... - only response_type=code is supported right now (will display HTML form to user and send JSON to redirect_uri).
* /token --- fetch token, this is both for getting access tokens and refresh tokens (as usual).