The crux of the OAuth protocol is to provide access tokens for authorization. The way of retrieving the access token is called a grant. There are various ways (grants) to access and use the access token. OAuth 2.0 provides different grants for different scenarios, like the level of trust for the application, the type of the application, and so on.
OAuth 2.0 supports the following types of grants. Selecting the one that best fits an application depends on the type of that application:
- Authorization code
- Implicit
- Resource Owner Password Credentials
- Client Credentials
Let's look at each of these grant types in detail: how they work, and into which situations they fit best.