Grant types in OAuth 2.0

The grant type is how OAuth 2.0’s Authorization Server can process and verify that the Client Application is eligible for access to the Resource Server. There are 4 types of grant types that OAuth 2.0 defines in its spec:

  • Authorization Code
  • Implicit
  • Resource Owner Password Credentials
  • Client Credentials

In this tutorial, we will learn the details of each grant type!


Authorization Code

With this grant type, the Client Application will request authorization code from Authorization Server and use it to confirm with the Resource Server to be able to use the resource it wants to use. Specifically, the grant type of the Authorization Code will take place as follows:

Grant types in OAuth 2.0

Grant type Authorization Code is often used when 3rd party applications need access to our system. We can refresh the token after a period of time to increase security.


Implicit

This grant type is similar to the grant type Authorization Code for the most part, except that the Authorization Server will not return the authorization code for the Client Application, but will return the access token as soon as we log in to the Authorization Server.

This means the token is not stored securely on the Client Application, but now we can see the access token as well.

Specifically, the grant type process using Implicit will take place as follows:

Grant types in OAuth 2.0


Resource Owner Password Credentials

With this grant type, we have to trust the Client Application completely, because we will have to log in to the Client Application using the credentials in the Authorization Server. The Client Application will then capture our login information.
Grant types in OAuth 2.0

Only use this type of grant if it’s absolutely necessary, guys!

Client Credentials

This grant type is similar to the grant type Resource Owner Password Credentials but here, the user does not use the resources that belong to this user but other users.

Chia sẽ bài viết này ...Share on Facebook
Facebook
0Tweet about this on Twitter
Twitter
Share on LinkedIn
Linkedin

Add Comment