#sebselIf you go to the basis of it, the token endpoint is just a place that takes a random string (the token) and maps it to a URL (the user the token represents) and some scopes. And it does the reverse: once it verified some steps, it gives out those tokens.