The OAuth2 framework is used for authentication. The basic flow is:
- The username and password are forwarded to the token endpoint.
- User gets a long-lived refresh token and a short-lived access token.
- (later) User uses refresh token to get a new short-lived access token using the token endpoint.
The token will be a base64 string, like ohrqPAqtQs-xVSltMhypTg, which will be used in the Authorization header, like:
Authorization: Bearer ohrqPAqtQs-xVSltMhypTg
In the near future, we will also support a redirect workflow more suitable for web-based applications with redirect URIs.
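
A client-side sketch of the flow above, added here as an example and not this API's own client code: it exchanges the password once, keeps only the token pair, and refreshes the short-lived access token shortly before it expires. The form and response field names (grant_type, access_token, refresh_token, expires_in) follow RFC 6749 and are assumed to match this API; TokenSession, the post transport and fake_token_endpoint are hypothetical names.

```python
import time
from secrets import token_urlsafe
from urllib.parse import parse_qs, urlencode

class TokenSession:
    """Keeps the token pair for one user; the password is never stored."""

    def __init__(self, post, clock=time.monotonic, skew=30):
        self.post = post        # hypothetical transport: form body -> parsed JSON dict
        self.clock = clock
        self.skew = skew        # refresh this many seconds before expiry
        self.access = self.refresh = None
        self.expires_at = 0.0

    def _store(self, resp):
        self.access = resp["access_token"]
        # Keep the old refresh token if the server did not send a new one.
        self.refresh = resp.get("refresh_token", self.refresh)
        self.expires_at = self.clock() + resp["expires_in"]

    def login(self, username, password):
        form = {"grant_type": "password", "username": username, "password": password}
        self._store(self.post(urlencode(form)))

    def auth_header(self):
        if self.refresh is None:
            raise RuntimeError("not logged in")
        if self.clock() >= self.expires_at - self.skew:
            form = {"grant_type": "refresh_token", "refresh_token": self.refresh}
            self._store(self.post(urlencode(form)))
        return {"Authorization": "Bearer " + self.access}

ISSUED_REFRESH = set()  # state of the constructed stand-in endpoint below

def fake_token_endpoint(body):
    """Constructed stand-in for the token endpoint so the example runs offline."""
    form = {k: v[0] for k, v in parse_qs(body).items()}
    if form["grant_type"] == "password":
        if (form["username"], form["password"]) != ("alice", "constructed-pw"):
            raise PermissionError("invalid_grant")
        refresh = token_urlsafe(16)  # 16 random bytes -> 22-character token
        ISSUED_REFRESH.add(refresh)
    else:
        refresh = form["refresh_token"]
        if refresh not in ISSUED_REFRESH:
            raise PermissionError("invalid_grant")
    return {"access_token": token_urlsafe(16), "refresh_token": refresh, "expires_in": 300}
```

In real use, post would send the form body to the token endpoint over HTTPS and return the decoded JSON response.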