Appendix B. OAuth2 grant types

 

This appendix covers

  • OAuth2 Password grant
  • OAuth2 Client credentials grant
  • OAuth2 Authorization code grant
  • OAuth2 Implicit credentials grant
  • OAuth2 Token Refreshing

From reading chapter 7, you might be thinking that OAuth2 doesn’t look too complicated. After all, you have an authentication service that checks a user’s credentials and issues a token back to the user. The token can, in turn, be presented every time the user wants to call a service protected by the OAuth2 server.

Unfortunately, the real world is never simple. With the interconnected nature of the web and cloud-based applications, users have come to expect that they can securely share their data and integrate functionality between different applications owned by different services. This presents a unique challenge from a security perspective because you want to integrate across different applications while not forcing users to share their credentials with each application they want to integrate with.

B.1. Password grants

 
 

B.2. Client credential grants

 
 

B.3. Authorization code grants

 
 

B.4. Implicit grant

 
 

B.5. How tokens are refreshed

 
 
 