I have explained a way of implementing OAuth2. This method contains a new Key Manager to handle the OAuth2 procedure.
First, the client application has to log in to the application by entering a username and password as usual. When the client application needs to access the API, it first has to go through the authorization procedure in the key manager component. The client has to create a web app in order to access the REST API, as shown in the diagrams below. A consumer key and consumer secret are then generated and given to the client. After that, by passing the consumer key and consumer secret to the key manager, the client receives an access token in the response. The client can then use this access token to access the API.
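The flow above as an added, in-memory example (not code from the original page): a key manager registers a web app, exchanges the consumer key and secret for an access token, and the API accepts only tokens that are valid and unexpired. The class and function names, the HTTP Basic encoding of the key and secret, and the token lifetime are assumptions made for illustration.

```python
import base64, hmac, secrets, time

class KeyManager:
    """Hypothetical in-memory key manager; names are assumptions, not from the page."""
    def __init__(self, token_ttl=3600):
        self.apps = {}      # consumer_key -> consumer_secret
        self.tokens = {}    # access_token -> (consumer_key, expiry timestamp)
        self.token_ttl = token_ttl

    def register_app(self):
        # Creating the web app yields the consumer key and consumer secret.
        key, secret = secrets.token_urlsafe(16), secrets.token_urlsafe(32)
        self.apps[key] = secret
        return key, secret

    def issue_token(self, authorization_header, now=None):
        """Token request carrying 'Basic base64(consumer_key:consumer_secret)'."""
        now = time.time() if now is None else now
        try:
            scheme, blob = authorization_header.split(" ", 1)
            key, secret = base64.b64decode(blob, validate=True).decode().split(":", 1)
        except ValueError:  # malformed header, bad base64, or missing ':'
            return None
        expected = self.apps.get(key)
        if scheme != "Basic" or expected is None:
            return None
        # Constant-time comparison so the check does not leak the secret by timing.
        if not hmac.compare_digest(expected.encode(), secret.encode()):
            return None
        token = secrets.token_urlsafe(32)
        self.tokens[token] = (key, now + self.token_ttl)
        return {"access_token": token, "token_type": "Bearer", "expires_in": self.token_ttl}

    def validate(self, token, now=None):
        now = time.time() if now is None else now
        entry = self.tokens.get(token)
        return entry is not None and now < entry[1]

def call_api(km, authorization_header, now=None):
    # The REST API asks the key manager whether the bearer token is still valid.
    scheme, _, token = authorization_header.partition(" ")
    if scheme != "Bearer" or not km.validate(token, now):
        return 401, "invalid or expired access token"
    return 200, "resource data"

def basic(key, secret):
    # Client side: encode the consumer key and secret for the token request.
    return "Basic " + base64.b64encode(f"{key}:{secret}".encode()).decode()
```
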