From c57283652b2dcef27ec6f5c3b8006723481394d4 Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Tue, 25 Sep 2018 01:24:37 +0200
Subject: [PATCH] Add API authentication page

---
 content/en/api/authentication.md | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/content/en/api/authentication.md b/content/en/api/authentication.md
index 2dab63a..7a44a60 100644
--- a/content/en/api/authentication.md
+++ b/content/en/api/authentication.md
@@ -5,3 +5,13 @@ menu:
     parent: api
     weight: 1
 ---
+
+Mastodon is federated, therefore you can't be expected to manually register your application on all potential servers your users might want to login on. For this reason, there is an open app registration API, so obtaining OAuth 2 credentials for OAuth 2 authorization can be automated.
+
+Make sure that you allow your users to specify the domain they want to connect to before login. Use that domain to acquire a client id/secret for OAuth 2 and then proceed with normal OAuth 2 also using that domain to build the URLs.
+
+Mastodon supports the following OAuth 2 flows:
+
+- **Authorization code flow**: For end-users
+- **Password grant flow**: For bots and other single-user applications
+- **Client credentials flow**: For applications that do not act on behalf of users