I've noticed a few problems with the API docs, but the issue that made me open this topic is as follows:
expires_in is listed in the docs as one of the values returned in the hash, but in my testing, it is non-existent. For your debugging purposes, the provided POST:https://api.lockitron.com/oauth/token?client_id=REDACTED&client_secret=REDACTED&code=REDACTED&grant_type=authorization_code&redirect_uri=https%3A%2F%2Fgraph.api.smartthings.com%2Foauth%2Fcallback
The grant_type explanation is whack and needs revisiting. It talks about an authentication_code which is not accurate. The required value is authorization_code.
@jamesmeador thanks for the corrections - there are a few things I would like to update on our OAuth implementation but we want to keep things stable as folks build against it.