#Cosmos Auth server cosmos-auth exposes a RESTful API for OAuth2 tokens generation. These tokens are used in other Cosmos RESTful APIs, such as WebHDFS for authentication/authorization purposes.
In fact, tokens are not really generated by cosmos-auth, but by an Identity Manager (FIWARE's implementation is Keyrock) which is accessed by this API. So why not directly accessing the Identity Manager? This is because some sensible information regarding the Cosmos application is needed when requesting a token to the Identity Manager; specifically the client_id and client_secret generated once the Cosmos application is registered. Thus, in order this information continues being secret, it is necessary this kind of intermediary service.
Transport Layer Security (TLS) is used to provide communications security through asymetric cryptography (public/private encryption keys).
Further information can be found in the documentation at fiware-cosmos.readthedocs.io.