oAuth 2.0 authentication overview

Minus implemented the oAuth 2.0 specification, however it’s still a draft. Our implementation tries to follow the changes of the specification.

oAuth 2.0 specification:

Access Token

Access tokens are credentials used to access Minus API resources.

Refresh Token

Refresh tokens are credentials used to obtain access tokens. Refresh tokens are issued to the client by the authorization server and are used to obtain a new access token when the current access token becomes invalid or expires.

Authorization Grant

An authorization grant is a credential representing the resource owner’s authorization (to access its protected resources) used by the client to obtain an access token. This specification defines four grant types: authorization code, implicit, resource owner password credentials, and client credentials, as well as an extensibility mechanism for defining additional types.


At the moment we only support “Resource Owner Password Credentials”.

Client_id and Client_secret

Client applications identifies themself with a client_id client_secret pair.


Scopes are used to restrict applications by the users.

Available scopes:

read_public:Read public files
read_all:Read all folders and files
upload_new:Upload new files and folders
modify_all:Delete/Modify all existing files and folders
modify_user:Modify user preferences

Applications can obtain access token with more scopes.

Table Of Contents

Previous topic


Next topic

oAuth 2.0 tutorial

This Page