The application model is designed to work with oAuth 2.0, which allows authentication and authorization with the client application (client-id / client-secret) and the owner of the resource (username / password). OAuth 2.0 is under development. After its completion, the token endpoint should be able to generate access tokens that carry the identifier of the application and / or user.