Add OAuth 2 authentication guide with standard parameters

[jeremy]

Summary

• Add sections/authentication.md with BC3-specific OAuth 2 docs using standard parameters (response_type=code, grant_type=authorization_code, grant_type=refresh_token) and updated token response including token_type: "Bearer"
• Update README.md to link auth guide locally and add Authentication to the API endpoints index

Context

Auth docs currently live in basecamp/api and cover all products with legacy Launchpad OAuth parameters. This imports and adapts them for BC3 only, using the standard OAuth 2.0 parameters added in launchpad#769 and the token_type field from signal_id#314.

Legacy parameters (type=web_server, type=refresh) are noted as still supported but not recommended.

Test plan

• Verify sections/authentication.md follows the section file format (Setext headings, example JSON with markers, cURL blocks)
• Confirm OAuth URLs point to launchpad.37signals.com authorization/token endpoints
• Confirm standard OAuth 2.0 parameters are documented as primary approach
• Verify README auth guide link resolves to local sections/authentication.md
• Verify Authentication appears alphabetically before Attachments in endpoint index

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 6299c986ec

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[Copilot]

Pull request overview

This PR adds a new OAuth 2 authentication guide specifically for Basecamp 4 (bc3) that documents the standard OAuth 2.0 flow with modern parameters (response_type=code, grant_type=authorization_code, grant_type=refresh_token) and the token_type: "Bearer" field in token responses. The guide replaces a previous external link with a local authentication documentation file.

Changes:

• Added sections/authentication.md with BC3-specific OAuth 2 documentation including standard OAuth 2.0 parameters and token response format
• Updated README.md to link to the local authentication guide and added Authentication to the API endpoints index

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File	Description
sections/authentication.md	New comprehensive OAuth 2 authentication guide covering the authorization flow, token exchange, refresh tokens, and user authorization details with standard OAuth 2.0 parameters
README.md	Updated authentication guide link to point to local file and added Authentication entry alphabetically before Attachments in API endpoints list

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.