You'll find the video tutorial here
In short - The flow is described in the following 4 steps.
- Step 1: Call /connect/authorize to initiate user login and consent
- Step 2: Wait for the response by listening on the redirect URI and get the authorization code
- Step 3: Exchange the authorization code for tokens using /connect/token
- Step 4: Keep the session alive by using the refresh token
- Step 5: Best Practice