Document OAuth2 limitations and requirements

settermjd · settermjd · commit 7a1bf35438cd · 2018-03-19T12:46:39.000+01:00
Relates to #3464.
diff --git a/admin_manual/configuration/server/security/oauth2.rst b/admin_manual/configuration/server/security/oauth2.rst
@@ -136,6 +136,9 @@ An access token is valid for 1 hour and can be refreshed with a refresh token.
 
 For further information about client registration, please refer to `the official access token response RFC from the IETF`_.
 
+.. note::
+   For a succinct explanation of the differences between access tokens and authorization codes, check out `this answer on StackOverflow`_.
+
 Installation
 ------------
 
@@ -180,4 +183,4 @@ Revoking Sessions
 .. _Client authentication: https://tools.ietf.org/html/rfc6749#section-2.3
 .. _mod_rewrite: http://httpd.apache.org/docs/current/mod/mod_rewrite.html
 .. _mod_headers: http://httpd.apache.org/docs/current/mod/mod_headers.html
-
+.. _this answer on StackOverflow: https://stackoverflow.com/a/16341985/222011
