OAuth2 Grant-Types
Disclaimer: Data shown here is most likely incorrect. Use at your own risk. The main purpose is a kinda cheat sheet I can refer to.
Different grant types
OAuth2 can be used in various scenarios.
Scenarios differ in security constraints.
| Scenario | Meaning | Comment |
|---|---|---|
| Web Application w backend server | authorization code flow | Most common |
| Native mobile app | authorization code flow w PKCE | |
| JS app (aka SPA) w API backend | implicit flow | Should not be used anymore |
| Transfers token through | ||
| MicroServices and APIs | client credential flow | |
```mermaid
graph TD;
A-->B;
A-->C;
B-->D;
C-->D;
```