Overview#

Grant Types refer to the Types of Authorization Grants within OAuth 2.0.

The Authorization Grant requires a grant_type parameter, which represents the various Grant Types.

OAuth 2.0 focuses on client developer simplicity while providing specific Grant Types which have associated OAuth 2.0 Protocol Flows.

OAuth 2.0 is a very flexible standard and can be adapted to work in many different scenarios. The core specification describes four Grant Types:[2]

The OAuth 2.0 specification details a fifth grant, the Refresh Token Grant, which can be used to "refresh" (i.e. get a "new" Access Token which has the same Authorization as the original).

There are other Grant Types that are NOT defined in The OAuth 2.0 Authorization Framework, that have gone through, or are currently in, the IETF ratification process:

OpenID Connect#

Within OpenID Connect, the grant_types_supported node within the openid-configuration URI should show the Grant Types that a particular Authorization Server supports.

The OpenID Connect spec provides a nice comparison of the three flows supported, reproduced here in a simplified form.

Flow property | Code | Implicit | Hybrid
All tokens returned from Authorization_endpoint | | |
All tokens returned from Token_endpoint | | |
Tokens NOT revealed to user-agent | | |
Client can be authenticated | | |
Refresh Token possible | | |
Communication in one round trip | | |
Most communication server-to-server | | | varies

Extension Grants#

To avoid name collisions, Grant Types other than those defined in RFC 6749 are to be URIs, as defined in section 4.5 on Extension Grants.
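
An added example (not part of the original page or of any project's code) that audits the grant_types_supported node of a discovery document and applies the URI rule for Extension Grants described above. The sample metadata, issuer and function names are constructed for illustration; the default used when the node is omitted follows OpenID Connect Discovery 1.0, and the discouraged set follows RFC 9700.

```python
import json
from urllib.parse import urlparse

# grant type names from RFC 6749, with "implicit" as OIDC Discovery spells it
CORE_GRANTS = {"authorization_code", "implicit", "password",
               "client_credentials", "refresh_token"}
# OIDC Discovery 1.0 default when grant_types_supported is omitted
DISCOVERY_DEFAULT = ["authorization_code", "implicit"]
# grants that RFC 9700 (OAuth 2.0 Security BCP) advises against
DISCOURAGED = {"implicit", "password"}

# Constructed sample metadata; issuer and values are illustrative only.
SAMPLE = json.dumps({
    "issuer": "https://as.example.test",
    "grant_types_supported": [
        "authorization_code", "refresh_token", "password",
        "urn:ietf:params:oauth:grant-type:jwt-bearer",
        "device_code",  # extension grant written without its URN form
    ],
})


def classify_grant(value):
    """Return 'core', 'extension' (absolute URI, RFC 6749 s4.5) or 'invalid'."""
    if not isinstance(value, str):
        return "invalid"
    if value in CORE_GRANTS:
        return "core"
    parsed = urlparse(value)
    # absolute URI: a scheme followed by an authority or a path
    if parsed.scheme and (parsed.netloc or parsed.path):
        return "extension"
    return "invalid"


def audit_grant_types(discovery_json):
    """Group the grant types an Authorization Server advertises."""
    doc = json.loads(discovery_json)
    advertised = doc.get("grant_types_supported")
    defaulted = advertised is None
    grants = DISCOVERY_DEFAULT if defaulted else advertised
    if not isinstance(grants, list):
        raise ValueError("grant_types_supported must be a JSON array")
    report = {"defaulted": defaulted, "core": [], "extension": [],
              "invalid": [], "discouraged": []}
    for grant in grants:
        kind = classify_grant(grant)
        report[kind].append(grant)
        if kind == "core" and grant in DISCOURAGED:
            report["discouraged"].append(grant)
    return report
```

A value in the "invalid" group is neither an RFC 6749 name nor a URI, which is exactly the collision case the URI rule exists to prevent.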

« This page (revision-30) was last changed on 21-Jun-2017 07:47 by jim