Very rough explanation.
Direct the user first too
https://www.trailforks.com/api/1/oauth2/login/
client_id, redirect_uri
Then when they login the user is directed to
https://www.trailforks.com/api/1/oauth2/auth/
When they authorise you get a response with a "code" that you use to make a call to
https://www.trailforks.com/api/1/token/
app_id, app_secret, code
Then if accepted you get a user_id, username & token_public back.
client_id = app_id
The main API was made first using "app_id" and then the OAuth was added later. The norm for OAuth is "client_id". So there is a big of confusion there.
To revoke an Oauth user use the https://www.trailforks.com/api/1/oauth2/revoke/ endpoint using the users token_public and their user_id.
Direct the user first too
https://www.trailforks.com/api/1/oauth2/login/
client_id, redirect_uri
Then when they login the user is directed to
https://www.trailforks.com/api/1/oauth2/auth/
When they authorise you get a response with a "code" that you use to make a call to
https://www.trailforks.com/api/1/token/
app_id, app_secret, code
Then if accepted you get a user_id, username & token_public back.
client_id = app_id
The main API was made first using "app_id" and then the OAuth was added later. The norm for OAuth is "client_id". So there is a big of confusion there.
To revoke an Oauth user use the https://www.trailforks.com/api/1/oauth2/revoke/ endpoint using the users token_public and their user_id.
- By canadaka
Trailforks - #110 - 1,269 views