There are four kinds of OAuth2 Grants:
- Authorization Code: This is used in a server-side application and allows the client to get a long-lasting access token. However, this token will be invalidated if the client asks the server for a new token.
- Implicit: This is mostly used with mobile or web applications.
- Resource Owner Password Credentials: In this grant, the resource owner's credentials are first sent to the client, which then sends them to the authorization server.
- Client Credentials: This is used when the client itself is the resource owner, so there is no authorization to obtain on the client's end.
So, that's a brief summary of the OAuth protocol. Now let's create a project using the Spring Security OAuth2 modules.