The endpoint to call to request authorization, which is where the authorization server chooses whether or not to grant access.
The specified endpoint, whether it is remote or local, must use HTTPS.