OAuth2 grants

Oct 19th, 2017


OAuth lets you authenticate using different methods. A grant is a method of acquiring an access token. Which grants to implement depends on the type of client the end user will be using and the experience intended for the users.

  • Client Credentials Grant: Used when two machines need to communicate with each other, e.g. two APIs.

  • Authorization Code Grant: The flow that occurs when a user logs in to a service using Twitter, GitHub, Google, etc.

  • Implicit Grant: Similar to Authorization Code, only it’s user-based.

  • Password Grant: Users log in using a combination of username/email and password.

  • Refresh Grant: Used to generate a new token when the old one has expired.

Read the official specification.
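
An added example (not part of the original post): a server-side check showing how the grants listed above arrive at the token endpoint as a `grant_type` value, with required parameters and error codes taken from RFC 6749. The function name `validate_token_request` and the sample request bodies are constructed for illustration.

```python
from urllib.parse import parse_qs

# Required body parameters per grant_type at the token endpoint (RFC 6749).
REQUIRED = {
    "client_credentials": [],              # section 4.4
    "authorization_code": ["code"],        # section 4.1.3 (redirect_uri is also
                                           # required if it was sent when the code was requested)
    "password": ["username", "password"],  # section 4.3
    "refresh_token": ["refresh_token"],    # section 6
}


def validate_token_request(body: str, client_authenticated: bool):
    """Return (ok, oauth_error) for a form-encoded token request body."""
    params = parse_qs(body, keep_blank_values=True)
    # Section 3.2: a parameter must not be included more than once.
    if any(len(values) > 1 for values in params.values()):
        return False, "invalid_request"
    fields = {name: values[0] for name, values in params.items()}
    grant = fields.get("grant_type")
    if not grant:
        return False, "invalid_request"
    if grant not in REQUIRED:
        # The implicit grant ends up here: it never calls the token endpoint,
        # the token is issued by the authorization endpoint (response_type=token).
        return False, "unsupported_grant_type"
    if any(not fields.get(name) for name in REQUIRED[grant]):
        return False, "invalid_request"
    # Client credentials is only for confidential clients that authenticate.
    if grant == "client_credentials" and not client_authenticated:
        return False, "invalid_client"
    return True, None


if __name__ == "__main__":
    # Constructed sample bodies: (request body, did the client authenticate?)
    samples = [
        ("grant_type=client_credentials", True),
        ("grant_type=client_credentials", False),
        ("grant_type=authorization_code&code=SplxlOBeZQQYbYS6WxSbIA", True),
        ("grant_type=password&username=alice", True),
        ("grant_type=refresh_token&refresh_token=a&refresh_token=b", True),
        ("grant_type=implicit", True),
    ]
    for body, authed in samples:
        print(body, "->", validate_token_request(body, authed))
```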

Which grants


Image Source: https://oauth2.thephpleague.com/authorization-server/which-grant/

