This is a simple program that implements an Oauth2 server. It replicates the behavior of the Google Oauth2 server. It also has a REST interface to manage the client_id and client_secret parts.
POST to /client to receive a urlencoded data blob with client_id and client_secret keys.
PUT to /client by sending a urlencoded client_id and client_secret.
DELETE to /client by sending a urlencoded client_id and client_secret.
GET /auth with the normal Oauth2 parameters (client_id, redirect_uri, scope) to receive a redirect with the auth_code.
POST /token with code={auth_code}, along with client_id, client_secret, and the grant_type=authorization_code, to get an access_token. If the /auth endpoint received an access_type=offline, this will also send a refresh_token.
POST /token with refresh_token={refresh_token}, along with client_id, client_secret, and the grant_type=refresh_code, to get an access_token.
GET /validate?token={access_token}, which will return 200 if valid and 401 if not.