need help getting oauth2 working

<p>I am having a few issues understanding the flow of oauth2. read various posts about it and trying to incorporate it into my beego rest api. what i want to know is. (1) how to initially start the process. (2) what needs to be sent from the client side. (my seperate website, app) (3) how these variables are stored on the client side (in special file? encrypted?). (4) can I just make up a key for the client to communicate initially with the API? (dont want to use google because Iam learning) (5) how to send these variables in a POST from the client to the API. (for example, a post with json body OR as header variables) .</p> <p>I know i need to use TLS/SSL but ill worry about that after i get a prototype/ test version of OAUTH2.0 working with postman.</p> <p>been reading this article. very well written. <a href="http://www.bubblecode.net/en/2016/01/22/understanding-oauth2/" rel="nofollow">http://www.bubblecode.net/en/2016/01/22/understanding-oauth2/</a></p> <p>but. under the initial &#34;client registration&#34; section. I describes params that must be passed from the client.</p> <p>&#34;Client registration</p> <p>Application Name: the application name Redirect URLs: URLs of the client for receiving authorization code and access token Grant Type(s): authorization types that will be used by the client Javascript Origin (optional): the hostname that will be allowed to request the resource server via XMLHttpRequest&#34;</p> <p>this doesnt include a password or anything? </p> <p>and the API returns </p> <p>&#34;Client Id: unique random string Client Secret: secret key that must be kept confidential&#34;</p> <p>according to the doc? so essentially anyone can receive the client id and Client secret back? I am really not following the spec at all. even the initial messages in registering the client. If anyone could give me a slightly better description id really appreciate it.</p>