I'm posting what worked for me here since I struggled with the first step for a while. The example included in the documentation for the request authorization looks like this:
https://community.example_community.com/auth/oauth2/authorize?client_id=CbEwDo2NtAhXLSt4Y49D1yVE9D371eyZFWRSSXvNLvA=&response_type=code&redirect_uri=http%3A%2F%2Fredirect.example_community.com%2FgetaccessToken
That example above implies that the client_id is un-encoded and the redirect_uri is URL encoded. It's the other way around. From my experience with this, I found that the client_id needs to be URL encoded and the redirect_uri must NOT be URL encoded, as in:
https://community.example_community.com/auth/oauth2/authorize?client_id=CbEwDo2NtAhXLSt4Y49D1yVE9D371eyZFWRSSXvNLvA%3D&response_type=code&redirect_uri=http://redirect.example_community.com/getaccessToken
Once I followed that format, using that URL in my browser while I was logged in, I was able to get a response with a code value in the URL. Note that the Code value that is returned in the URL is URL encoded. You'll need to decode it before using it in the next step when you request the access token and refresh token at:
https://api.stage.lithium.com/auth/v1/accessToken?restapi.response_format=json
Be sure to include the Content-Type and client_id in the header, and include the code, client_id, client_secret, redirect_uri, grant_type in the body in proper JSON format. I was using Advanced Rest Client to do this manually. This second step also needs to be done within a couple of minutes after getting the Code itself.
