OAuth 2.0 (Open Authorization 2.0) is an authorization protocol that enables third-party applications to obtain limited access to a user's protected resources, such as data, without the user's credentials being shared with the application directly. It also allows the user to grant only a limited set of rights (scopes) rather than full access.
Flows
There are 4 flows (grant types) through which this protocol can be used.
The goal remains always the same: to obtain an access_token and use it to access protected resources.
| Flow | Description |
|---|---|
| Authorization Code Grant | A code is issued and later exchanged for the access_token. The code is delivered to the front-end application (in the browser) after the user logs in. The access_token itself is issued server side: the client authenticates with its secret and presents the code it obtained. |
| Implicit Grant | After the user logs in, the access_token is issued immediately. |
| Client Credential Grant | The access_token is issued on the server, authenticating only the client, not the user. |
| Password Grant | The access_token is issued immediately with a single request containing all login information: username, user password, client id, and client secret. |
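The two steps of the Authorization Code Grant, modelled as an added example that is not part of the original article: a minimal in-memory authorization server issues a short-lived, single-use code bound to the client and redirect URI, and only hands out the access_token when the client's back end authenticates with its secret and presents that code. The client registration, secret and redirect URI are constructed sample values.

```python
import secrets
import time

# Constructed sample client registration (assumption: in-memory store).
CLIENTS = {
    "web-app": {"secret": "s3cret", "redirect_uri": "https://app.example/cb"},
}
AUTH_CODES = {}          # code -> binding record, see issue_code()
CODE_TTL_SECONDS = 60    # authorization codes are deliberately short-lived


def issue_code(client_id, redirect_uri, user, scope):
    """Step 1: after the user logs in, the authorization server issues a
    code that is bound to the client and redirect URI it was requested for.
    The code is what the browser-side front end receives; it is not a token."""
    client = CLIENTS.get(client_id)
    if client is None or client["redirect_uri"] != redirect_uri:
        raise ValueError("unknown client or redirect_uri mismatch")
    code = secrets.token_urlsafe(32)
    AUTH_CODES[code] = {
        "client_id": client_id, "redirect_uri": redirect_uri,
        "user": user, "scope": scope,
        "expires": time.time() + CODE_TTL_SECONDS, "used": False,
    }
    return code


def exchange_code(code, client_id, client_secret, redirect_uri):
    """Step 2: the client's back end trades the code for an access_token,
    authenticating with its secret. The code's bindings are re-checked so
    that a leaked code is useless to anyone but the registered client."""
    client = CLIENTS.get(client_id)
    if client is None or not secrets.compare_digest(client["secret"], client_secret):
        return {"error": "invalid_client"}
    entry = AUTH_CODES.get(code)
    if entry is None or entry["used"] or time.time() > entry["expires"]:
        return {"error": "invalid_grant"}
    if entry["client_id"] != client_id or entry["redirect_uri"] != redirect_uri:
        return {"error": "invalid_grant"}
    entry["used"] = True   # single use: a replayed code is rejected
    return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer",
            "expires_in": 3600, "scope": entry["scope"]}
```

The server-side exchange is the step the Implicit Grant skips, which is why the code flow keeps the client secret off the browser.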

Andrew Dorokhov