1) Authorization code grant type
Figure 1
This grant type can be used to obtain both access tokens and refresh tokens.
The flow of the authorization code grant type is as follows.
When the user authorizes the third-party app to access data, the app requests authorization.
Then the authorization server authenticates the resource owner.
The access token is sent to the client application as the response.
The client app requests the access token, using the authorization code.
The client app receives the access token as the response.
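The step where the client requests the access token using the authorization code, sketched as an in-memory authorization server (an added example, not code from the linked sample project; the client id, secret, redirect URI and function names are constructed for illustration). It shows the checks that step depends on: client authentication, a registered redirect URI, and a short-lived code that can be redeemed only once.

```python
import secrets
import time

# Constructed sample registration; all names and values are assumptions.
CLIENTS = {"photo-app": {"secret": "s3cr3t-constructed",
                         "redirect_uri": "https://client.example/callback"}}
CODES = {}     # authorization code -> grant details
TOKENS = {}    # access token -> (client_id, user)
CODE_TTL = 60  # seconds; authorization codes should be short-lived


def authorize(client_id, redirect_uri, user, approved):
    """Authorization endpoint, called after the server has authenticated `user`."""
    client = CLIENTS.get(client_id)
    if client is None or redirect_uri != client["redirect_uri"]:
        raise ValueError("unknown client or unregistered redirect_uri")
    if not approved:
        return f"{redirect_uri}?error=access_denied"
    code = secrets.token_urlsafe(16)
    CODES[code] = {"client_id": client_id, "redirect_uri": redirect_uri,
                   "user": user, "expires": time.time() + CODE_TTL}
    return f"{redirect_uri}?code={code}"


def token(client_id, client_secret, code, redirect_uri):
    """Token endpoint: exchange an authorization code for tokens."""
    client = CLIENTS.get(client_id)
    if client is None or not secrets.compare_digest(client["secret"], client_secret):
        return {"error": "invalid_client"}
    grant = CODES.pop(code, None)  # pop: a code can be redeemed only once
    if (grant is None or grant["client_id"] != client_id
            or grant["redirect_uri"] != redirect_uri
            or grant["expires"] < time.time()):
        return {"error": "invalid_grant"}
    access = secrets.token_urlsafe(24)
    TOKENS[access] = (client_id, grant["user"])
    return {"access_token": access, "token_type": "Bearer",
            "refresh_token": secrets.token_urlsafe(24)}


def run_flow():
    """Walk the flow once, then replay the same code to show it is rejected."""
    uri = "https://client.example/callback"
    code = authorize("photo-app", uri, "alice", True).split("code=")[1]
    first = token("photo-app", "s3cr3t-constructed", code, uri)
    replay = token("photo-app", "s3cr3t-constructed", code, uri)
    return first, replay
```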
2) Implicit grant type
Figure 2
The client is not authenticated in the implicit grant type. As in the authorization code grant type, the authorization server authenticates the resource owner.
With the access token added, the resource owner is redirected to the client using the URI fragment.
The access token is extracted and passed back to the client.
3) Resource owner password credential grant type
Figure 3
This grant type is used when a secure relationship is required between the client and the resource owner.
After the resource owner provides the user name and password to the client, the client requests the access token.
Then the authorization server authenticates the client.
If the authentication process is successful, the access token is issued by the authorization server.
4) Client credential grant type
Figure 4
The authorization server authenticates the client and provides the access token to the client.
You can see a sample project on GitHub: OAuth Authorization Framework