OAuth - Authorization Grant (Resource Owner Authorization|Authorization Credentials)



An Authorization Grant is a credential representing the resource owner's authorization to access its protected resources.

The flow for each type of grant is identified by its grant type:

  • one of four grant types
  • or an extension grant type.

The client uses the authorization grant to obtain an access token. The implicit grant is the exception: there is no intermediate grant, and the access token is issued directly.


The OAuth specification defines four grant types.

| Grant type | Flow Type | Description |
|---|---|---|
| authorization code (preferable) | OAuth - Flow (Abstract Protocol Flow) | intermediate credentials, authentication of the client |
| implicit | OAuth - Flow (Abstract Protocol Flow) | no intermediate credentials, no authentication of the client, flow optimized for clients implemented in a browser using a scripting language (such as JavaScript) |
| resource owner password credentials | OAuth - Flow (Abstract Protocol Flow) | the client has access to the resource owner credentials during a single request to get a long-lived access token; a high level of trust between client and resource owner is therefore needed |
| client credentials | | the client is also the resource owner or an authorization was previously arranged with the authorization server |
| | | extensibility mechanism for defining additional types |
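The sketch below is an added example, not code from this page or from any OAuth library: it shows how a token endpoint can check the `grant_type` of an incoming request against the grant types in the table, using the parameter names and error codes of RFC 6749. The function name, the `enabled_extensions` allow-list and the sample requests are assumptions made for illustration.

```python
from urllib.parse import parse_qs, urlparse

# Required body parameters per grant type at the token endpoint (RFC 6749).
# "implicit" is absent on purpose: it has no intermediate grant, so it never
# reaches the token endpoint. Refresh-token requests are outside this sketch.
REQUIRED = {
    "authorization_code": ("code",),
    "password": ("username", "password"),
    "client_credentials": (),
}

def check_token_request(body, enabled_extensions=frozenset()):
    """Return (ok, error) for a form-encoded token request body.

    error is an RFC 6749 section 5.2 code. enabled_extensions is a
    hypothetical allow-list of extension grant type URIs.
    """
    params = parse_qs(body, keep_blank_values=True)
    # A request parameter must not be included more than once.
    if any(len(values) > 1 for values in params.values()):
        return False, "invalid_request"
    grant = params.get("grant_type", [""])[0]
    if not grant:
        return False, "invalid_request"
    if grant in REQUIRED:
        missing = [p for p in REQUIRED[grant] if not params.get(p, [""])[0]]
        return (False, "invalid_request") if missing else (True, None)
    # Extension grant types are identified by an absolute URI.
    if urlparse(grant).scheme and grant in enabled_extensions:
        return True, None
    return False, "unsupported_grant_type"

# Constructed sample requests (values are made up for this example).
SAMPLES = [
    "grant_type=authorization_code&code=abc123&redirect_uri=https%3A%2F%2Fclient.example%2Fcb",
    "grant_type=password&username=alice",
    "grant_type=client_credentials",
    "grant_type=implicit",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_token_request(sample), sample)
```

Client authentication and the validity of the code or password are separate checks that this sketch does not perform.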

The authorization grant type depends on:



A grant is issued by the authorization endpoint.
