I'm trying to connect the an external service to RTC via oAuth.

The application will use stateless REST services and invoke some OSLC CM creation factory.
In order to doing so, I registered a Consumer (Inbound), and shared the key with the external service.
The service asks me the following mandatory oAuth info in order to connect to RTC:

• "authorization_url"
• "client_secret"
• "client_id"
• "access_token_url"

I'm not really sure how these map to RTC.

The problem:
I could not find any document that states where to find the OAuth endpoints as required by the oAuth protocol. Looking at my OSLC rootservices document I somehow figured out something this configuration:

{

"authorization_url": "https://myRTC:9443/ccm/oauth-authorize", 

"client_secret": "MyService", 

"client_id": "9f1f86d97f0b48a1af6d4e99b96edb21", 

"access_token_url": "https://myRTC:9443/ccm/oauth-access-token"

}

The authorization_url is called by the service via HTTP GET + some parameter (according to the oAuth spec):

https://myRTC:9443/oauth-authorize?response_type=code&client_id=9f1f86d97f0b48a1af6d4e99b96edb21&redirect_uri=https%3A//some/redirect.html

However, this gives me an HTTP 400 Error:

HTTP Status 400 - The token paramter is missing
The request sent by the client was syntactically incorrect (The token paramter is missing).

So my question is how to authorize an external service, e.g. provide it with the mentioned information.
Using FORM based auth is not an option, and I'm not in control of the external service (e.g. can't switch from GET to POST to the the authorize URL).

thanks for any hints
  Florian