An Authorization Grant is a credential representing the resource owner's authorization to access its protected resources.
The flow for each type of grant is expressed using grant type:
The authorization grant is used by the client to obtain an access token (except for the implicit one because there is no intermediate grant, the access token is issued directly).
The Oauth specification defines four grant types.
| Grant type | Flow Type | Description |
|---|---|---|
| authorization code (preferable) | Oauth - Flow (Abstract Protocol Flow) | intermediate credentials, authentication of the client |
| implicit | Oauth - Flow (Abstract Protocol Flow) | no intermediate credentials, no authentication of the client, flow optimized for clients implemented in a browser using a scripting language (such as JavaScript) |
| resource owner password credentials | Oauth - Flow (Abstract Protocol Flow) | The client has access to the resource owner credentials during a single request to get an long-lived access token - therefore a high trust between client and resource owner is needed |
| client credentials | the client is also the resource owner or an authorization was previously arranged with the authorization server | |
| extensibility mechanism | for defining additional types |
The authorization grant type depends on:
A grant is issued by the authorization endpoint