I haven't see much documentation on gaining an access token without using createAccessToken manually in an application, so I did some researching and poking around into the local and cloud endpoints using the ifttt integration urls, and subbing in some of the urls and variables seen on ST.
The flows below are a replacement for the Smartthing's oauth flow
Enabling oauth in your application.
This one is probably known to most everyone, but including here just for completeness. In the app code section, create or click an existing app and click the Oauth and enable button. Make note of the client id and secret for later in the flow:
Local
Authorization code
Build the url with the following parameters
http://local-hub-ip/oauth/authorize?client_id=c072f41d-3eab-411d-b346-cbae989faa40&redirect_uri=http://localhost&response_type=code&scope=app
client_id=client id of your app
redirect_uri=server url that will accept the code. In this case I'm using localhost so I can just grab the code when it returns.
scope=app
response_type=code
The next screen will give you the option to either grant or deny the request and to set any devices you wish to give the app access to. You must have at least one preference in here to keep it from erroring out.
Once you click authorize you will be given the code in the url. Keep note of this.
Access Token
Take the code you received above and build a new link like below:
http://local-hub-ip/oauth/token?grant_type=authorization_code&client_id=c072f41d-3eab-411d-b346-cbae989faa40&client_secret=9650f975-d792-46c7-a9e4-15902699f45e&code=pbzFZC&scope=app&redirect_uri=http://localhost
grant_type=authorization_code
client_id=client id of your app
client_secret=client secret of your app
code=code from the first call
redirect_uri=**Must be the redirect_uri from the first call**
scope=app
The redirect uri must be the same you put in the first call or this will not work
This must be sent as a POST call using a tool like POSTMAN or curl.
The response will be an access token in json format.
Cloud
Authorization Code
The same steps apply from above except now you use the Hubitat cloud url from below:
https://oauth.cloud.hubitat.com/oauth/authorize?client_id=c072f41d-3eab-411d-b346-cbae989faa40&redirect_uri=http://localhost&response_type=code&scope=app
You will be asked to sign in:
And then asked to choose a hub:
And then to configure:
And given a code:
Access Token
Build your POST url for Postman or Curl:
https://oauth.cloud.hubitat.com/oauth/token?grant_type=authorization_code&client_id=c072f41d-3eab-411d-b346-cbae989faa40&client_secret=9650f975-d792-46c7-a9e4-15902699f45e&code=nHbcIP&scope=app&redirect_uri=http://localhost
The redirect uri must be the same you put in the first call or this will not work
You now have a valid oauth token which can be used to access your app mappings
See @chuck.schwer's post below on getting the app endpoints from the cloud.
As of right now, these tokens must be passed using an "Authorization: Bearer :token:" header and not using an access_token=:token: according to @chuck.schwer's post below
Retrieving Endpoints
You can retrieve endpoints using the following url structures below:
Cloud:
https://oauth.cloud.hubitat.com/apps/api/endpoints
Local:
http://hub-ip/apps/api/endpoints
You must pass the token using an authorization header in the call:
Authorization: Bearer token