Port oauth/token and oauth/authorize to /api/v2, delegating to the shared oauth2server.ExchangeToken / Authorize cores. The token endpoint accepts spec-compliant application/x-www-form-urlencoded bodies (RFC 6749) in addition to JSON; a form-urlencoded format is registered on the v2 API that binds into the same json-tagged request struct. The response carries Cache-Control: no-store. The token endpoint is public; authorize inherits the global JWT auth. |
||
|---|---|---|
| .. | ||
| shared | ||
| v1 | ||
| v2 | ||