## Working with the API
The API is protected by OAuth 2 acting as a [resource server](https://www.oauth.com/oauth2-servers/the-resource-server/)
verifying tokens using [token introspection](https://datatracker.ietf.org/doc/html/rfc7662).

When developing it uses a locally running instance of an
[authorization server](https://datatracker.ietf.org/doc/html/rfc6749#section-1.1)
that is run inside [Docker](https://www.docker.com). It can be started with `docker compose -f docker-compose.yml up`.
Since there is no frontend to interact with the authorization server there's a helper script in
[GetToken.java](GetToken.java) that can be run directly with `java GetToken.java` to run through the authorization flow
and get an access token.

Once the token has been obtained go to the [Swagger UI](http://localhost:8080/api/swagger) to interact with the API.
Click the "Authorize" button in the top right and paste the access token to log in.