I managed to get the vehicle list. I'm not going to post Tesla's OAuth secrets, so don't ask. But here's everything else.
First, you need to get the bearer token. To do this, you need to post a JSON object to https://owner-api.teslamotors.com/oauth/token
(You will need to fill in the empty strings below.)
Code:{ "grant_type" : "password", "client_id" : "", "client_secret" : "", "email" : "", "password" : "" }
That will return a JSON object containing the bearer token. That must be put in an HTTP header like this:
Code:Authorization: Bearer 1234abcd
(1234abcd is the bearer token, but in practice, this will be a much longer hexadecimal number.)
Simply get https://owner-api.teslamotors.com/api/1/vehicles using the above header, and a JSON object will be returned with the vehicle list.
Works for me too. Agreed, that they didn't obfuscate this at all.