.. _auth_overview: oAuth 2.0 authentication overview ================================= Minus implemented the oAuth 2.0 specification, however it's still a draft. Our implementation tries to follow the changes of the specification. oAuth 2.0 specification: http://tools.ietf.org/html/draft-ietf-oauth-v2-21 Access Token """""""""""" Access tokens are credentials used to access Minus API resources. Refresh Token """"""""""""" Refresh tokens are credentials used to obtain access tokens. Refresh tokens are issued to the client by the authorization server and are used to obtain a new access token when the current access token becomes invalid or expires. Authorization Grant """"""""""""""""""" An authorization grant is a credential representing the resource owner's authorization (to access its protected resources) used by the client to obtain an access token. This specification defines four grant types: authorization code, implicit, resource owner password credentials, and client credentials, as well as an extensibility mechanism for defining additional types. .. warning:: At the moment we only support "Resource Owner Password Credentials". Client_id and Client_secret """"""""""""""""""""""""""" Client applications identifies themself with a client_id client_secret pair. Scopes """""" Scopes are used to restrict applications by the users. Available scopes: :read_public: Read public files :read_all: Read all folders and files :upload_new: Upload new files and folders :modify_all: Delete/Modify all existing files and folders :modify_user: Modify user preferences Applications can obtain access token with more scopes.