Minus implemented the oAuth 2.0 specification, however it’s still a draft. Our implementation tries to follow the changes of the specification.
Access tokens are credentials used to access Minus API resources.
Refresh tokens are credentials used to obtain access tokens. Refresh tokens are issued to the client by the authorization server and are used to obtain a new access token when the current access token becomes invalid or expires.
An authorization grant is a credential representing the resource owner’s authorization (to access its protected resources) used by the client to obtain an access token. This specification defines four grant types: authorization code, implicit, resource owner password credentials, and client credentials, as well as an extensibility mechanism for defining additional types.
Warning
At the moment we only support “Resource Owner Password Credentials”.
Client applications identifies themself with a client_id client_secret pair.
Scopes are used to restrict applications by the users.
Available scopes:
read_public: Read public files read_all: Read all folders and files upload_new: Upload new files and folders modify_all: Delete/Modify all existing files and folders modify_user: Modify user preferences
Applications can obtain access token with more scopes.