There are four kinds of OAuth2 Grants:

• Authorization Code: This is used in a server-side application and allows the client to get a long-lasting access token. However, this token will be invalidated if the client asks the server for a new token.
• Implicit: For the most part, this is utilized with mobile or web applications. 
• Resource Owner Password Credentials: In this grant, the credentials are first sent to the customer. Then they're sent to the authorization server. 
• Client Credentials: This is used when the client itself is the resource owner. There's no authorization to get from the client's end.

So, that's a brief summary of the OAuth protocol. Now let's create a project using the Spring Security OAuth2 modules.