OAuth2 & OpenID Connect Deep Dive · Lesson

Core Grant Types Overview

Get an initial overview of the different authorization grant types and when each is typically used in various application scenarios.

What Are Grant Types?

In OAuth2, Authorization Grant Types are the different methods a client application uses to obtain an access token from the authorization server.

Think of them as various "workflows" or "strategies" tailored for different client types and security needs.

Each type dictates how the client proves its identity and gets permission to access a user's (or its own) resources.

Authorization Code Flow (Web Apps)

This is the most widely recommended and secure grant type, especially for confidential clients like traditional web applications running on a server.

The client exchanges an authorization code (received from the user's browser) for an access token directly with the authorization server. This keeps the access token out of the browser's URL.
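
The exchange described above, as an added example that is not part of the original lesson: it builds the front-channel authorization request, checks the redirect that carries the code back through the browser, and builds the back-channel token request. The endpoints, client credentials, `state` check and function names are constructed assumptions.

```python
import base64
import hmac
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed sample values (assumptions, not from the lesson).
AUTHZ_ENDPOINT = "https://auth.example.com/authorize"
TOKEN_ENDPOINT = "https://auth.example.com/token"
CLIENT_ID = "web-app-123"
CLIENT_SECRET = "constructed-secret"
REDIRECT_URI = "https://app.example.com/callback"


def build_authorization_url(state, scope="profile"):
    """Front channel, step 1: URL the user's browser is redirected to."""
    query = urlencode({
        "response_type": "code",  # ask for a code, not a token
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": state,  # random per-session value, checked on return
    })
    return f"{AUTHZ_ENDPOINT}?{query}"


def extract_code(callback_url, expected_state):
    """Front channel, step 2: read the code from the redirect back to the app."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    state = params.get("state", [""])[0]
    # Reject callbacks that were not started by this browser session.
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    return params["code"][0]


def build_token_request(code):
    """Back channel, step 3: server-to-server POST that bypasses the browser."""
    creds = base64.b64encode(f"{CLIENT_ID}:{CLIENT_SECRET}".encode()).decode()
    headers = {"Authorization": f"Basic {creds}",
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,  # must match the value sent in step 1
    })
    return TOKEN_ENDPOINT, headers, body
```

Only the short-lived code and `state` ever appear in a browser-visible URL; the client secret and the resulting access token travel only in the server-side request and response.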
