Appendix B. OAuth2 grant types
This appendix covers
- OAuth2 Password grant
- OAuth2 Client credentials grant
- OAuth2 Authorization code grant
- OAuth2 Implicit credentials grant
- OAuth2 Token Refreshing
From reading chapter 7, you might be thinking that OAuth2 doesn’t look too complicated. After all, you have an authentication service that checks a user’s credentials and issues a token back to the user. The token can, in turn, be presented every time the user wants to call a service protected by the OAuth2 server.
Unfortunately, the real world is never simple. With the interconnected nature of the web and cloud-based applications, users have come to expect that they can securely share their data and integrate functionality between different applications owned by different services. This presents a unique challenge from a security perspective because you want to integrate across different applications while not forcing users to share their credentials with each application they want to integrate with.