Overview

OAuth 2.0 Use case Summary

| Use Case | Trustworthiness | Suggested OAuth 2.0 Authorization Grant_type | Description |
|---|---|---|---|
| B2B (extranet), intranet, other | Highly trusted Applications, written by internal developers or developers with a trusted business relationship with the API Provider. Applications that need to access resources on their own behalf. | Client Credentials Grant | Typically, the Application is also the Resource Owner. Requires Client_id and Client Secret keys. Requires OAuth 2.0 Client Registration. |
| Intranet sites, portals | Trusted Applications written by internal or trusted third-party developers. A good example is logging in to your company HR site to make insurance selections, submit reviews, or change personal information. | Resource Owner Password Credentials Grant | Requires Client_id and Client Secret, plus UserId and password. Requires OAuth 2.0 Client Registration. |
| Publicly available Applications | Untrusted Applications written by third-party developers who do not have a trusted business relationship with the API Provider. For example, developers who register for public API programs should not generally be trusted. | Authorization Code Grant | Requires user to log in to Authorization Server. Application never sees UserId and password. Requires OAuth 2.0 Client Registration. |
| B2C | There is an individual end user (mobile user) involved, and user credentials are stored on the mobile Device. | Implicit Grant | User credentials are stored on the device running the Application. Requires OAuth 2.0 Client Registration. |
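
To make the Description column concrete, the following added example (not part of the original page) builds the requests each grant type sends, following RFC 6749. The endpoint URLs, client id, secret and user values are constructed placeholders, and the function names are hypothetical.

```python
# Added example: what each grant type in the table sends (RFC 6749).
# Endpoints, client ids, secrets and user values are constructed placeholders.
import base64
from urllib.parse import quote_plus, urlencode

AUTHZ_ENDPOINT = "https://as.example.com/authorize"  # placeholder
TOKEN_ENDPOINT = "https://as.example.com/token"      # placeholder


def basic_auth(client_id, client_secret):
    """HTTP Basic header that authenticates a registered confidential client."""
    pair = f"{quote_plus(client_id)}:{quote_plus(client_secret)}".encode()
    return {"Authorization": "Basic " + base64.b64encode(pair).decode()}


def token_request(grant_type, client_id, client_secret, **params):
    """Back-channel POST to the token endpoint: (url, headers, form body)."""
    if grant_type == "client_credentials":
        # Application acts on its own behalf: client id and secret only.
        form = {"grant_type": grant_type}
    elif grant_type == "password":
        # Application collects UserId and password itself and forwards them.
        form = {"grant_type": grant_type,
                "username": params["username"], "password": params["password"]}
    elif grant_type == "authorization_code":
        # Application holds only a one-time code, never the user's password.
        form = {"grant_type": grant_type,
                "code": params["code"], "redirect_uri": params["redirect_uri"]}
    else:
        raise ValueError(f"{grant_type!r} is not sent to the token endpoint")
    return TOKEN_ENDPOINT, basic_auth(client_id, client_secret), urlencode(form)


def authorization_url(response_type, client_id, redirect_uri, state):
    """Front-channel redirect where the user logs in at the Authorization Server.

    response_type "code" starts the Authorization Code Grant; "token" is the
    Implicit Grant, which returns the access token in the redirect fragment
    and involves no client secret.
    """
    if response_type not in ("code", "token"):
        raise ValueError("response_type must be 'code' or 'token'")
    query = {"response_type": response_type, "client_id": client_id,
             "redirect_uri": redirect_uri, "state": state}
    return AUTHZ_ENDPOINT + "?" + urlencode(query)
```

Only the password grant places the user's credentials in the application's own request; the two redirect-based grants send the user to the Authorization Server instead.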

This page (revision-5) was last changed on 03-Mar-2017 08:46 by jim