I am working on the sample exercise in https://github.com/apigee/apijam/tree/master/Labs/Appendix/API%20Security%20-%20Securing%20APIs%20with%20OAuth%20-3-legged
Is it a working example?
Should be. Are you experiencing a particular problem?
There is also this option.
I’m pretty sure that one works.