An app enables the consumer to request an access token through the app key and
secret. With the access token it is possible to request protected API
endpoints. There is a default consumer implementation located at
which enables a user to manage their apps. The consumer can use any OAuth2 client
to request an access token. Fusio supports by default the
password grant type. Please take a look at the OAuth2 RFC for
more information about the flow.
redirects the user to the consumer endpoint i.e.:
If the user has authenticated and approved the app, the user gets redirected to
the redirect_uri. The callback contains the access token in the fragment
component. Access tokens issued through the implicit grant usually have a
much shorter lifetime because they are less secure. It is also
possible to deactivate the implicit grant through the configuration.
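
The callback handling described above, as an added example that is not part of the Fusio documentation or code: a consumer-side parser for the implicit grant redirect that checks `state`, extracts the token from the fragment and removes it from the URL. The fragment parameter names are assumed to follow RFC 6749 section 4.2.2; the function names and URLs are constructed for illustration.

```javascript
// Added example (not Fusio code). Fragment parameter names are assumed to
// follow RFC 6749 section 4.2.2; function names and URLs are constructed.
function parseImplicitCallback(callbackUrl, expectedState) {
  const url = new URL(callbackUrl);
  const params = new URLSearchParams(url.hash.slice(1));

  // Reject responses that were not triggered by our own request (CSRF).
  if (!expectedState || params.get('state') !== expectedState) {
    throw new Error('state mismatch');
  }
  if (params.has('error')) {
    throw new Error('authorization failed: ' + params.get('error'));
  }

  const accessToken = params.get('access_token');
  if (!accessToken) {
    throw new Error('no access_token in fragment');
  }
  if ((params.get('token_type') || '').toLowerCase() !== 'bearer') {
    throw new Error('unexpected token_type');
  }

  // expires_in is optional in the RFC; if present it must be a positive integer.
  let expiresIn = null;
  if (params.has('expires_in')) {
    expiresIn = Number(params.get('expires_in'));
    if (!Number.isInteger(expiresIn) || expiresIn <= 0) {
      throw new Error('invalid expires_in');
    }
  }

  url.hash = ''; // URL without the token, safe to leave in the address bar
  return { accessToken, expiresIn, scope: params.get('scope'), cleanUrl: url.href };
}

// Browser wrapper: parse the current location, then drop the fragment from
// the address bar and history entry. The fragment is scrubbed even when
// validation fails, so a rejected token does not linger in the URL.
function consumeCallback(win, expectedState) {
  const href = win.location.href;
  const clean = href.split('#')[0];
  try {
    return parseImplicitCallback(href, expectedState);
  } finally {
    win.history.replaceState(null, '', clean);
  }
}
```

In a page script, call `consumeCallback(window, savedState)` with the `state` value stored before the redirect, and keep the returned token in memory rather than in the URL.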