Add POST /api/v1/oauth/token supporting authorization_code and refresh_token grant types. Validates PKCE, exchanges codes for JWT access tokens with refresh token rotation. Uses the shared RefreshSession helper for the refresh grant. |
||
|---|---|---|
| .. | ||
| authorize.go | ||
| client.go | ||
| pkce.go | ||
| token.go | ||