Authorization is necessary to protect resources from malicious use. When the Internet Engineering Task Force (IETF) drafted internet protocols and rules, it also planned out different methods to protect and access resources on a server. These efforts led to OAuth 1.0 and later OAuth 2.0.
The OAuth 2.0 specification is an authorization framework containing a number of methods, or grants, by which a client application can get an access token. The access token can be presented to an API endpoint, which can then examine it to determine validity and permissions levels. Each grant type is designed for a particular use case.
OAuth 2.0 focuses on the authorization. There are other protocols like OpenID Connect (OIDC) that focus on authentication. OIDC allows the software to access login and profile information about the logged-in user.
This article will go through all the different OAuth 2 grant types and explain the flow for each so that you can determine which is the best fit and safely use it in your applications.
Read the full blog on FusionAuth.
Thanks for reading 💜
I publish a monthly newsletter in which I share personal stories, things that I am working on, what is happening in the world of tech, and some interesting dev-related posts which I come across while surfing on the web.
— Ravgeet, Full Stack Developer and Technical Content Writer
Did you find this article valuable?
Support Ravgeet Dhillon by becoming a sponsor. Any amount is appreciated!